Closed Bug 886115 Opened 12 years ago Closed 12 years ago

Persistent Cross Site Scripting(XSS) on support.mozilla.org

Categories

(support.mozilla.org :: General, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 886114

People

(Reporter: netfuzzerr, Unassigned)

Details

(Whiteboard: [dupe])

Attachments

(1 file)

Attached image screenshot.PNG
User Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36

Steps to reproduce:

Hi,

There's a persistent cross-site scripting vulnerability on https://support.mozilla.org/pt-BR/questions/962761#answer-447831 that allows attackers to steal users' cookies. The vulnerability is caused by non-escaping of chars inside HTML events.

Reproduce (on Internet Explorer):
1. Go to https://support.mozilla.org/pt-BR/questions/962761
2. Post a reply with this content "<!--[if<img src=x onerror=confirm('XSSED');//]> -->"
3. Submit the post.
4. See the persistent XSS.

This vulnerability works only on Internet Explorer (tested on 8, 9 and 10).

PoC: https://support.mozilla.org/pt-BR/questions/962761#answer-447831

I'm attaching a screenshot of this flaw on IE8.

Also, I would like to know if this bug can be eligible for a bounty?

Cheers,
Mario
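Added example (not part of the bug report and not support.mozilla.org's code): to a standards HTML parser the reply in step 2 is a single comment, so a sanitizer that copies comments through would emit it unchanged for Internet Explorer to interpret as the report describes. The sketch assumes a hypothetical allowlist sanitizer (`Sanitizer`, `sanitize` and `ALLOWED_TAGS` are illustrative names; the page does not say how the site filtered replies) and shows that dropping comments removes the payload.

```python
from html import escape
from html.parser import HTMLParser

# Reply content quoted in step 2 of the report.
PAYLOAD = "<!--[if<img src=x onerror=confirm('XSSED');//]> -->"

# Constructed allowlist: formatting tags only, and no attributes at all,
# so event handlers such as onerror can never be re-emitted.
ALLOWED_TAGS = {"b", "i", "em", "strong", "p", "br"}


class Sanitizer(HTMLParser):
    """Rebuilds markup from parse events (hypothetical, for illustration)."""

    def __init__(self, keep_comments):
        super().__init__(convert_charrefs=True)
        self.keep_comments = keep_comments
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag in ALLOWED_TAGS:
            self.out.append("<{}>".format(tag))  # attributes are discarded

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS:
            self.out.append("</{}>".format(tag))

    def handle_data(self, data):
        self.out.append(escape(data))  # text is always entity-escaped

    def handle_comment(self, data):
        # The parser hands over the whole payload as opaque comment text;
        # the <img ... onerror=...> inside it is never seen as a tag here.
        if self.keep_comments:
            self.out.append("<!--{}-->".format(data))  # weak setting


def sanitize(markup, keep_comments=False):
    """Return allowlisted markup; comments are dropped unless asked for."""
    parser = Sanitizer(keep_comments)
    parser.feed(markup)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    print(repr(sanitize(PAYLOAD, keep_comments=True)))  # payload survives
    print(repr(sanitize(PAYLOAD)))                      # payload removed
```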
Assignee: nobody → rforbes
Whiteboard: [site:support.mozilla.org][reporter-external][verif?]
closing this one as dupe of 886114
Assignee: rforbes → nobody
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
Whiteboard: [site:support.mozilla.org][reporter-external][verif?] → [dupe]
These bugs are all resolved, so I'm removing the security flag from them.
Group: websites-security