Status

mozilla.org
Video
RESOLVED FIXED
6 years ago
a year ago

People

(Reporter: Shai rod, Unassigned)

Tracking

({wsec-xss})

other
wsec-xss
Bug Flags:
sec-bounty -

Details

Attachments

(1 attachment)

(Reporter)

Description

6 years ago
Created attachment 649079
JWPlayer XSS

User Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.60 Safari/537.1

Steps to reproduce:

http://people.mozilla.org/ contains a JWPlayer flash component which is vulnerable to reflected XSS.

Visit the following link:
http://people.mozilla.com/~nhirata/html_tp/post_files/player.swf#?&displayclick=link&link=javascript:javascript:alert%28%22XSS%22%29&linktarget=_self&file=blabla.flv
Actual results:

XSS Triggered.
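A defender-side check for the pattern in these steps, added here as an example rather than code from the report, Mozilla or JWPlayer: it parses the flashvars a URL carries in its query string and fragment and rejects a `link` whose scheme is not http(s). The hostnames and function names are constructed for the example.

```python
# Added example (not Mozilla's, the reporter's or JWPlayer's code): a
# defender-side check for the flashvar pattern in the report above.  The
# player reads its flashvars from the URL fragment, so the values never
# reach the server; only client-side validation in the player can stop it.
from typing import Dict, Optional
from urllib.parse import parse_qs, urlsplit

SAFE_SCHEMES = {"http", "https"}

# Constructed sample URLs (placeholder host).  POC_URL follows the
# reporter's pattern; SAFE_URL is what a benign embed looks like.
POC_URL = ("http://files.example.org/player.swf#?&displayclick=link"
           "&link=javascript:javascript:alert%28%22XSS%22%29"
           "&linktarget=_self&file=blabla.flv")
SAFE_URL = ("http://files.example.org/player.swf?displayclick=link"
            "&link=https://example.org/about&file=intro.flv")


def flashvars_from_url(url: str) -> Dict[str, str]:
    """Collect flashvars from both the query string and the fragment.

    The fragment may itself start with '?' (as in the PoC).  parse_qs
    percent-decodes values, so 'alert%28' becomes 'alert('.  A later
    duplicate overrides an earlier one (last-wins parsing).
    """
    parts = urlsplit(url)
    fragment = parts.fragment[1:] if parts.fragment.startswith("?") else parts.fragment
    merged: Dict[str, str] = {}
    for chunk in (parts.query, fragment):
        for key, values in parse_qs(chunk, keep_blank_values=True).items():
            merged[key] = values[-1]
    return merged


def unsafe_link_flashvar(flashvars: Dict[str, str]) -> Optional[str]:
    """Return the 'link' value when its scheme is not http(s), else None.

    Tabs and newlines are removed before reading the scheme, because
    browsers ignore them inside URLs, so 'java\\tscript:' still counts.
    Relative links (no scheme) are accepted.
    """
    link = flashvars.get("link")
    if link is None:
        return None
    cleaned = "".join(ch for ch in link if ch not in "\t\r\n").strip()
    scheme = urlsplit(cleaned).scheme.lower()
    if scheme and scheme not in SAFE_SCHEMES:
        return link
    return None


if __name__ == "__main__":
    for url in (POC_URL, SAFE_URL):
        verdict = "REJECT" if unsafe_link_flashvar(flashvars_from_url(url)) else "allow"
        print(verdict, url)
```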

Comment 1

6 years ago
people is designed to be an "unsafe" filestorage / testing server. I've nominated the bug for bounty and we will get back to you on the qualification.

nhirata: Do you still need JWPlayer or can you delete it from your public_html?
Assignee: nobody → nhirata.bugzilla
Status: UNCONFIRMED → NEW
Ever confirmed: true
(Reporter)

Comment 3

6 years ago
BTW:

There are two more vulnerable JWPlayer components here:

http://videos.mozilla.org/serv/air_mozilla/player.swf
http://videos.mozilla.org/uploads/air_mozilla/player.swf

people.mozilla.org is not an eligible site. This is used for testing and personal accounts by Mozilla members and not as a production site.

Updated

5 years ago
Blocks: 836560
Adding keywords to bugs for metrics, no action required. Sorry about bugmail spam.
Keywords: wsec-xss
Flags: sec-bounty-
Status: NEW → RESOLVED
Last Resolved: a year ago
Resolution: --- → FIXED