899628 - SWFUpload Content Spoofing

Status: RESOLVED FIXED

(Developer Engagement :: Mozilla Hacks, task)

Description

[shadab]

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.71 Safari/537.36

Steps to reproduce:

Just click on the url

https://hacks.mozilla.org/wp-includes/js/swfupload/swfupload.swf?buttonImageURL=http://i.imgur.com/WrUxXCW.jpg


You will see a cute cat :)

Comment 3

[Al Billings [:abillings - ex-MoCo]]

This site is not eligible for the bounty program (see http://www.mozilla.org/security/bug-bounty-faq-webapp.html#eligible-bugs) and this is a sec-low rated issue that has already been reported for the other Wordpress sites at Mozilla. I'm marking this as bounty- for these reasons.

Comment 5

[Luke Crouch [:groovecoder]]

Adding all MDN devs to cc list of these security bugs.

Comment 6

[Justin Crawford [:hoosteeno] [:jcrawford]]

I cannot reproduce this. Since it was filed the WP infrastructure has changed significantly. Is it still a bug?

Comment 7

[Will Kahn-Greene [:willkg] ET needinfo? me]

Given that there's been no reply to this in 10 months and that Hacks is on WordPress and that's been updated significantly in the last 3 years and that Justin wasn't able to reproduce this, I'm going to mark it as FIXED.

Thank you for letting us know! Sorry that this wasn't resolved in a more appropriate period of time.

Comment 8

[Will Kahn-Greene [:willkg] ET needinfo? me]

For bugs that are resolved, we remove the security flag. These haven't had their flag removed, so I'm removing it now.