Closed
Bug 772058
Opened 12 years ago
Closed 12 years ago
Security issue: Bugzilla attachments can contain malicious meta redirects
Categories
(Bugzilla :: Attachments & Requests, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 256348
People
(Reporter: eusebiu.blindu, Unassigned)
References
()
Details
User Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11 Steps to reproduce: Upload a file with a malicious meta redirect Actual results: Viewing the attachment https://landfill.bugzilla.org/bugzilla-4.2-branch/show_bug.cgi?id=17158 is sending me to a bad (offensive) website This could be used by hackers to create malicious redirects Expected results: Viewing the attachment should not have redirected the page
The exact malicious url is this one https://landfill.bugzilla.org/bugzilla-4.2-branch/attachment.cgi?id=2320
Group: bugzilla-security
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•