Content type sniff xss is possible on https://developer
User Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.5 Safari/537.22 Steps to reproduce: Hi, There's a content type sniff vulnerability in https://developer.mozilla.org/pt-PT/docs/get-documents that allows xss in some versions of Internet Explorer. The vulnerability is caused by non-use of header X-Content-Type-Options. PoC: https://developer.mozilla.org/pt-PT/docs/get-documents?term=%22'¤t_locale=1&.html Tested on IE 6/7. Cheers, Mario
assigned to rforbes for verification
Assignee: nobody → rforbes
Status: UNCONFIRMED → NEW
Ever confirmed: true
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Flags: sec-bounty? → sec-bounty-
Resolution: --- → WONTFIX
For bugs that are resolved, we remove the security flag. These haven't had their flag removed, so I'm removing it now.
You need to log in before you can comment on or make changes to this bug.