Status

RESOLVED FIXED
5 years ago
a year ago

People

(Reporter: shadabrocking, Unassigned, NeedInfo)

Tracking

({sec-low, wsec-xss})

unspecified
Bug Flags:
sec-bounty -

Details

(Whiteboard: [site:hacks.mozilla.org][reporter-external])

(Reporter)

Description

5 years ago
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.71 Safari/537.36

Steps to reproduce:

Just click on the URL

https://hacks.mozilla.org/wp-includes/js/swfupload/swfupload.swf?buttonImageURL=http://i.imgur.com/WrUxXCW.jpg


You will see a cute cat :)
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: sec-low
Whiteboard: [site:hacks.mozilla.org]
Duplicate of this bug: 899824
Flags: sec-bounty?
Duplicate of this bug: 900538
Blocks: 836397
Component: Other → Mozilla Hacks
Product: Websites → Mozilla Developer Network
Version: Firefox 6 → unspecified
This site is not eligible for the bounty program (see http://www.mozilla.org/security/bug-bounty-faq-webapp.html#eligible-bugs) and this is a sec-low rated issue that has already been reported for the other WordPress sites at Mozilla. I'm marking this as bounty- for these reasons.
Flags: sec-bounty? → sec-bounty-

Updated

5 years ago
Keywords: wsec-xss
Whiteboard: [site:hacks.mozilla.org] → [site:hacks.mozilla.org][reporter-external]
Adding all MDN devs to cc list of these security bugs.
I cannot reproduce this. Since it was filed the WP infrastructure has changed significantly. Is it still a bug?
Flags: needinfo?(shadabrocking)
Given that there's been no reply to this in 10 months and that Hacks is on WordPress and that's been updated significantly in the last 3 years and that Justin wasn't able to reproduce this, I'm going to mark it as FIXED.

Thank you for letting us know! Sorry that this wasn't resolved in a more appropriate period of time.
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED
For bugs that are resolved, we remove the security flag. These haven't had their flag removed, so I'm removing it now.
Group: websites-security

Updated

a year ago
Product: Mozilla Developer Network → Developer Engagement