Closed Bug 907105 Opened 11 years ago Closed 11 years ago

XSS in Browser Address Bar

Categories

(Firefox :: Untriaged, defect)

Product:
Firefox
Component:
Untriaged
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 255107

People

(Reporter: 1brainf111, Unassigned)

Details

(Whiteboard: [reporter-external])

Attachments

(1 file)

test.html
156 bytes, text/plain
Details
Attached file test.html 
User Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/28.0.1500.71 Chrome/28.0.1500.71 Safari/537.36

Steps to reproduce:

insert to Address Bar data:text/html;base64,PHNjcmlwdD4gYWxlcnQoIlhTUyIpOyA8L3NjcmlwdD4=


Actual results:

alrt("XSS")


Expected results:

nothing or error "Page not found"
Severity: normal → critical
Keywords: sec-critical
OS: Linux → All
Hardware: x86 → All
This is identical to the report in bug 654016 which was resolved duplicate of bug 255107
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
Flags: sec-bounty-
Whiteboard: [reporter-external]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: