778647 - XSS able to be executed

Status: RESOLVED DUPLICATE of bug 528661

(Firefox :: Untriaged, defect)

Description

[Charles Shriver]

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.57 Safari/536.11

Steps to reproduce:

Version: 14.0.1
OS: MAC OSX  10.7.4

* Copy this URL plus XSS string to a Firefox URL window (this could also be done by a user who would click on this URL string from an email message, who had Firefox as their default browser)
* Click on Enter


Actual results:

An alert box appears showing the message 1


Expected results:

* The URL should have been encoded and an error should have occurred
* Per the reference below, this problem used to occur on Google Chrome: 
http://blog.securitee.org/?attachment_id=43

Comment 1

[Charles Shriver]

The URL copied to the Firefox URL window that caused the XSS to happen: 
http://securitee-playground.co.cc/files/chrome_xss.php?a=<script>alert(1);/*;/*&b=*/</script>

Comment 2

[Charles Shriver]

I copied the URL one more time below; its probably the same as the one above. Sometimes I've gotten a 'URL not found' error when using what I think is the URL below; the URL below does cause the XSS to occur.

http://securitee-playground.co.cc/files/chrome_xss.php?a=<script>alert(1);/*;/*&b=*/</script>

Comment 3

[Daniel Veditz [:dveditz]]

If a page stupidly echoes parts of user input into web content with insufficient filtering the resulting XSS is a web site security bug. Some browsers have a feature that tries to protect against the simplest cases where the XSS attack is directly present in URL parameters. There is an enhancement bug to add such a feature to Firefox.