Closed
Bug 883950
Opened 11 years ago
Closed 11 years ago
[sms] xss vulnerability with contacts handling in the recipients editor when getting an activity
Categories
(Firefox OS Graveyard :: Gaia::SMS, defect)
Tracking
(blocking-b2g:leo+, b2g18 fixed, b2g18-v1.0.1 unaffected)
| Tracking | Status | |
|---|---|---|
| b2g18 | --- | fixed |
| b2g18-v1.0.1 | --- | unaffected |
People
(Reporter: julienw, Assigned: oconnore)
Details
(Keywords: regression, sec-critical)
Attachments
(1 file)
STR:
- Create a contact with name '<blink> Hola </blink>'
- Tap on the 'message icon'
EXPECTED:
You will try to send a SMS/MMS to a text <blink> Hola </blink>
CURRENTLY:
'Hola' is blinking!
Please check other possibilities of injection in the recipients editor too.
see also bug 824437 and bug 883616 for other examples of XSS Injection
|
||
Updated•11 years ago
|
Keywords: regression,
sec-critical
|
||
Updated•11 years ago
|
status-b2g18:
--- → affected
|
Reporter | |
Comment 1•11 years ago
|
||
Will need leo+ for this, this is an injection through activities.
I wonder if we can also make the pattern filter used for activities more strict (in addition to making the code more robust of course)
Flags: needinfo?(dietrich)
|
||
Updated•11 years ago
|
blocking-b2g: leo? → leo+
Flags: needinfo?(dietrich)
|
||
Comment 2•11 years ago
|
||
Adding eric to CC to see if he wants to take this bug.
|
|
Reporter | |
Updated•11 years ago
|
Assignee: nobody → eric
|
|
Reporter | |
Updated•11 years ago
|
status-b2g18-v1.0.1:
--- → unaffected
|
|
Reporter | |
Comment 3•11 years ago
|
||
Eric, any update there ?
|
Assignee | |
Comment 4•11 years ago
|
||
I have a patch, I am fixing the unit tests.
|
|
||
Updated•11 years ago
|
Target Milestone: --- → 1.1 QE3 (26jun)
|
|
Assignee | |
Comment 5•11 years ago
|
||
Attachment #768120 -
Flags: review?(felash)
|
|
Assignee | |
Updated•11 years ago
|
Attachment #768120 -
Flags: review?(gnarf37)
|
|
||
Comment 6•11 years ago
|
||
Comment on attachment 768120 [details] [review]
Pull request on github
Added some comments on the pull request
|
|
Reporter | |
Updated•11 years ago
|
Attachment #768120 -
Flags: review?(felash)
|
|
||
Comment 7•11 years ago
|
||
Comment on attachment 768120 [details] [review]
Pull request on github
r=me
Attachment #768120 -
Flags: review?(gnarf37) → review+
|
|
||
Comment 8•11 years ago
|
||
master: cee375743267335a4590cd4ba93b9129a179166d
v1-train: 5bafa880efe499ceee234807d88bf0752d6960fe
|
|
||
Comment 9•11 years ago
|
||
Correction: master: b9a009103bd70ec77eb8ec9472a943e38d8219b1
|
||
Updated•11 years ago
|
Attachment mime type: text/plain → text/x-github-pull-request
|
|
Reporter | |
Comment 10•11 years ago
|
||
Hey Paul, now that 1.1 is out, can we remove the protection on this bug?
Flags: needinfo?(ptheriault)
|
|
Reporter | |
Comment 11•11 years ago
|
||
Note that accoding to the flags it never affected 1.0.
You need to log in
before you can comment on or make changes to this bug.
Description
•