Closed Bug 814661 Opened 12 years ago Closed 7 years ago

[Feedback] Vulnerability analysis issues - index.html

Categories

(Firefox OS Graveyard :: Gaia, defect)

Product:
Firefox OS Graveyard
Component:
Gaia
Platform:
ARM
Gonk (Firefox OS)
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: macajc, Unassigned)

Details

We have run an automated vulnerability analysis on the Gaia code. After manually filtering the results we have found the following possible issue on the Feedback app: * index.html The form post at index.html line 28 must contain a user-specific secret in order to prevent an attacker from making unauthorized requests. 26 </header> 27 28 <form id="feedback-form" action="" method="post"> 29 30 <fieldset> As the post stands now, it looks to be exploitable. Still it doesn't seem that any personal or login information can be leaked out this way, it would just be easy to send spurious comments.
Firefox OS is not being worked on
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.