Closed Bug 1149389 Opened 10 years ago Closed 10 years ago

Stored XSS

Categories

(bugzilla.mozilla.org :: General, defect)

Production
x86_64
Windows 7
defect
Not set
normal

Tracking


RESOLVED DUPLICATE of bug 38862

People

(Reporter: abhijeth0423, Unassigned)

Attachments

(1 file)

Attached image xss (5).svg (deleted)
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.101 Safari/537.36

Steps to reproduce:
While reporting a bug, "Attach a file" can be exploited for cross-site scripting. The attacker can upload an SVG file with script to run an XSS or do a URL redirection.

Actual results:
When the attachment is uploaded and someone clicks it, the user/victim can be XSSed.

Expected results:
Kindly click on the attachment to find the victim being XSSed. Works on all browsers and also on mobile browsers.
Group: core-security → bugzilla-security
Component: Untriaged → General
Product: Firefox → bugzilla.mozilla.org
Version: 1.0 Branch → Production
We allow attachments to be rendered by the browser, but serve them from a different domain to prevent XSS. See one of the many duplicates of bug 38862 for more information: http://mzl.la/1BZDuXh
Group: bugzilla-security
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
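The separate-origin approach described in the comment above, as an added example that is not Bugzilla's own code: a handler decides from the host an attachment was requested on, and from its declared type, whether it may render inline. The hostnames, the header values and the CSP `sandbox` directive used as defense in depth are assumptions of this example, not Bugzilla's configuration.

```python
# Added example, not Bugzilla's code: how a separate attachment origin contains
# a stored XSS carried in an uploaded SVG.
# Assumed placeholder hostnames and header policy; the real deployment differs.
MAIN_ORIGIN = "bugzilla.example"
ATTACHMENT_ORIGIN = "bug-attachments.example"

# Content types a browser will execute script from when it renders them inline.
ACTIVE_TYPES = {"image/svg+xml", "text/html", "application/xhtml+xml"}


def is_active_type(content_type: str) -> bool:
    """Compare the media type only, ignoring parameters such as charset."""
    return content_type.split(";", 1)[0].strip().lower() in ACTIVE_TYPES


def attachment_url(attachment_id: int) -> str:
    """Attachment links point at the isolated origin, so script inside an SVG
    runs with that origin's (empty) cookies and DOM, never the main site's."""
    return f"https://{ATTACHMENT_ORIGIN}/attachment.cgi?id={attachment_id}"


def response_headers(request_host: str, content_type: str) -> dict:
    """Headers for serving an attachment, chosen by the host it was requested on."""
    headers = {"X-Content-Type-Options": "nosniff"}  # no sniffing into HTML/SVG
    if request_host == ATTACHMENT_ORIGIN:
        # Inline rendering is allowed here. The sandbox directive is assumed
        # defense in depth: it also blocks script and navigation on this origin.
        headers["Content-Type"] = content_type
        headers["Content-Disposition"] = "inline"
        headers["Content-Security-Policy"] = "sandbox"
    elif is_active_type(content_type):
        # Requested on the main origin: never render an active type there.
        # Force a download and declare it as plain text.
        headers["Content-Type"] = "text/plain"
        headers["Content-Disposition"] = "attachment"
    else:
        # Inert types (plain text, PNG, ...) are safe to show on the main origin.
        headers["Content-Type"] = content_type
        headers["Content-Disposition"] = "inline"
    return headers


if __name__ == "__main__":
    # Constructed attachment id, not one from this bug.
    print(attachment_url(12345))
    print(response_headers(MAIN_ORIGIN, "image/svg+xml"))
    print(response_headers(ATTACHMENT_ORIGIN, "image/svg+xml"))
```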
So is this the Sandbox Environment?