[settings] query selectors are vulnerable to injection type attacks

RESOLVED DUPLICATE of bug 828925

Status

Firefox OS
Gaia::Settings
5 years ago
5 years ago

People

(Reporter: dchan, Unassigned)

Tracking

(Blocks: 1 bug)

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

5 years ago
The settings app appears to perform concatenation of user input when generating query selectors. A malformed query selector will cause a JS error:

E/GeckoConsole(  371): [JavaScript Error: "SyntaxError: An invalid or illegal string was specified" {file: "app://settings.gaiamobile.org/js/settings.js" line: 40}]

STR
1. Go to Settings -> Internet Sharing -> Hotspot settings
2. Change SSID network name to (with quotes)
a"][b="
3. Press OK
4. Notice no error in `adb logcat`
5. Change SSID network name to
a"][b=
6. Press OK
7. Notice that network "name" has not been updated and the above error in `adb logcat`

Expected
No error, network name updated

I'm using the Internet Sharing feature as an example. There may be other fields with similar bugs. I am unsure of the severity of this issue. If a malicious app could change user input / interact with the settings apps, it may cause the settings app to retrieve incorrect settings values.
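The behaviour in the steps above, reproduced as an added example that is not part of the original report or the Gaia code base: a selector built by concatenation next to one that quotes the value as a CSS string. The selector shape `input[value="..."]`, the function names and the small stand-in parser are assumptions, since the report does not show the code in settings.js.

```javascript
// Added example. ASSUMPTION: the selector shape input[value="..."] is
// hypothetical; the report does not show the code in settings.js.
function buildSelectorUnsafe(value) {
  return 'input[value="' + value + '"]'; // raw concatenation of user input
}

// Quote a value as a CSS string (CSSOM "serialize a string" rules).
function cssString(value) {
  let out = '"';
  for (const ch of String(value)) {
    const cp = ch.codePointAt(0);
    if (cp === 0) out += '\uFFFD';
    else if (cp <= 0x1f || cp === 0x7f) out += '\\' + cp.toString(16) + ' ';
    else if (ch === '"' || ch === '\\') out += '\\' + ch;
    else out += ch;
  }
  return out + '"';
}

function buildSelectorSafe(value) {
  return 'input[value=' + cssString(value) + ']';
}

// Simplified stand-in for the engine's selector parser: accepts only
// name[attr="string"]... and throws SyntaxError on anything else.
function parseAttributeBlocks(selector) {
  const blocks = [];
  let i = selector.indexOf('[');
  while (i >= 0 && i < selector.length) {
    const m = /^\[([A-Za-z_][\w-]*)="/.exec(selector.slice(i));
    if (!m) throw new SyntaxError('bad attribute selector at ' + i);
    i += m[0].length;
    let value = '';
    while (selector[i] !== '"') {
      if (i >= selector.length) throw new SyntaxError('unterminated string');
      if (selector[i] === '\\') { // escape: hex code point or literal char
        const hex = /^[0-9a-fA-F]{1,6} ?/.exec(selector.slice(++i));
        if (hex) { value += String.fromCodePoint(parseInt(hex[0], 16)); i += hex[0].length; continue; }
      }
      value += selector[i++];
    }
    if (selector[++i] !== ']') throw new SyntaxError('expected ] at ' + i);
    i++;
    blocks.push({ attr: m[1], value });
  }
  return blocks;
}
```

With the two SSID values from the steps, the concatenated selector either parses as two attribute blocks (no error, but a different query) or throws a SyntaxError, while the quoted form always yields one block whose value is the input. In a browser, `CSS.escape()` is the standard API for escaping a value before placing it in a selector.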
(Reporter)

Updated

5 years ago
blocking-b2g: --- → leo?
(Reporter)

Updated

5 years ago
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 828925

Updated

5 years ago
blocking-b2g: leo? → ---