Closed
Bug 1700011
Opened 4 years ago
Closed 4 years ago
Issue related to Bookmarks and Javascript code in url field
Categories
(Firefox :: Security, defect)
Firefox
Security
Tracking
()
RESOLVED
DUPLICATE
of bug 527530
People
(Reporter: mateuszpraca2223, Unassigned)
Details
(Whiteboard: [reporter-external] [client-bounty-form] [verif?])
Attachments
(1 file)
|
(deleted),
video/mp4
|
Details |
Version of Mozilla Firefox: 86.0.1 (64 bit)
REPRODUCTION CASE:
- Open the Mozilla Firefox
- Go to creating a new bookmark, for example from bookmarks bar:
2.1 Put the name, for example: test_bug
2.2 Put the url: javascript:alert(document.domain) - Open this bookmark - The alert message will appear
- Go to, for example: www.google.com and open created bookmark from bookmarks bar - There will appear the alert with information that it is from www.google.com
Mozilla Firefox allows for us to put and execute javascript code instead of address of website in bookmark.
How did I find it:
I found it when I was exploring bookmarks in another browser :) and checked if it is also possible in Mozilla Firefox.
I attached a video that present a bug.
Flags: sec-bounty?
|
||
Comment 1•4 years ago
|
||
Yes, this is called a Bookmarklet https://en.wikipedia.org/wiki/Bookmarklet
Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Type: task → defect
Closed: 4 years ago
Resolution: --- → INVALID
|
||
Updated•4 years ago
|
Flags: sec-bounty? → sec-bounty-
|
|
||
Updated•3 years ago
|
Resolution: INVALID → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•