Closed
Bug 899628
Opened 11 years ago
Closed 8 years ago
SWFUpload Content Spoofing
Categories
(Developer Engagement :: Mozilla Hacks, task)
Developer Engagement
Mozilla Hacks
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: shadabrocking, Unassigned, NeedInfo)
References
Details
(Keywords: sec-low, wsec-xss, Whiteboard: [site:hacks.mozilla.org][reporter-external])
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.71 Safari/537.36 Steps to reproduce: Just click on the url https://hacks.mozilla.org/wp-includes/js/swfupload/swfupload.swf?buttonImageURL=http://i.imgur.com/WrUxXCW.jpg You will see a cute cat :)
Updated•11 years ago
|
Updated•11 years ago
|
Flags: sec-bounty?
Updated•11 years ago
|
Component: Other → Mozilla Hacks
Product: Websites → Mozilla Developer Network
Version: Firefox 6 → unspecified
Comment 3•11 years ago
|
||
This site is not eligible for the bounty program (see http://www.mozilla.org/security/bug-bounty-faq-webapp.html#eligible-bugs) and this is a sec-low rated issue that has already been reported for the other Wordpress sites at Mozilla. I'm marking this as bounty- for these reasons.
Flags: sec-bounty? → sec-bounty-
Updated•11 years ago
|
Keywords: wsec-xss
Whiteboard: [site:hacks.mozilla.org] → [site:hacks.mozilla.org][reporter-external]
Comment 5•10 years ago
|
||
Adding all MDN devs to cc list of these security bugs.
Comment 6•9 years ago
|
||
I cannot reproduce this. Since it was filed the WP infrastructure has changed significantly. Is it still a bug?
Flags: needinfo?(shadabrocking)
Comment 7•8 years ago
|
||
Given that there's been no reply to this in 10 months and that Hacks is on WordPress and that's been updated significantly in the last 3 years and that Justin wasn't able to reproduce this, I'm going to mark it as FIXED. Thank you for letting us know! Sorry that this wasn't resolved in a more appropriate period of time.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Comment 8•8 years ago
|
||
For bugs that are resolved, we remove the security flag. These haven't had their flag removed, so I'm removing it now.
Group: websites-security
Updated•7 years ago
|
Product: Mozilla Developer Network → Developer Engagement
You need to log in
before you can comment on or make changes to this bug.
Description
•