Closed Bug 873315 Opened 12 years ago Closed 12 years ago

TEST SELF-XSS

Categories

(Bugzilla :: Bugzilla-General, defect)

Product:
Bugzilla
Component:
Bugzilla-General
Platform:
x86
Windows 7
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: fabiancuchietti, Unassigned)

Details

Attachments

(2 files)

test.html
78 bytes, text/plain
Details
xssss
101 bytes, application/octet-stream
Details
Attached file test.html
User Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31 Steps to reproduce: TEST XSS MOZILLA! Actual results: TEST XSS MOZILLA! Expected results: TEST XSS MOZILLA!
Attached file test
test
Attached file xssss
xsss
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Resolution: --- → INVALID
Comment on attachment 750821 [details] test.html <html> <body> "><A onmouseover="alert(1337)" href="">click here</A> "><iframe src=x onload=alert(8)> "><input autofocus onfocus=alert(1)> "><audio onerror="prompt(String.fromCharCode(47, 88, 83, 83, 47))" src="."></audio> "><iframe src="data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4"> </html></body>
This is a production bug database used by the Mozilla community to develop Firefox, and other products. It is not a test system or something to play with. Please use http://landfill.bugzilla.org/ if you want to test things. If you continue to abuse bugzilla.mozilla.org your account will be disabled.
Attachment #750824 - Attachment is private: true
Glob, Please can you hide this bug? It appears to be an attempt to xss exploit us. Best to hide it from the public
I apologize, but this bounty list this domain included. I made ​​a report about a vulnerability found. https://bugzilla.mozilla.org/show_bug.cgi?id=873328 Best regards.
Is the issue an XSS exploit on bugzilla? Did you get any confidential information? Please answer the questions in the other bug
Assignee: nobody → general
Component: Untriaged → Bugzilla-General
Product: Firefox → Bugzilla
QA Contact: default-qa
Version: 3.0 Branch → unspecified
Group: bugzilla-security
(In reply to Fabian Cuchietti from comment #6) > I apologize, but this bounty list this domain included. I made ​​a report > about a vulnerability found. > https://bugzilla.mozilla.org/show_bug.cgi?id=873328 correct, and reporting the issue there is the correct thing to do. however you've also used bugzilla.mozilla.org to experiment with xss (this bug); this is not the appropriate place to perform experimentation.
Attachment #750824 - Attachment is private: false
No reason to leave this bug restricted to the security group. You cannot do XSS. Simply delete the attachments; admins have enough power to do this.
Group: bugzilla-security
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: