Closed
Bug 1739926
Opened 3 years ago
Closed 3 years ago
Xss triggered on half loaded page on search bar
Categories
(Fenix :: Toolbar, task)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 1725626
People
(Reporter: sas.kunz, Unassigned)
References
Details
(Keywords: sec-low, Whiteboard: [reporter-external] [client-bounty-form] [verif?])
Attachments
(2 files)
Hello,
I found an XSS triggered in the search bar (Firefox Android). It's executed when the web page is half loaded.
Steps to reproduce
1. Copy javascript:alert(document.domain)
2. Open cnn.com or other sites
3. When the page is half loaded, paste javascript:alert(document.domain) in the search bar
4. XSS executed
Flags: sec-bounty?
Updated•3 years ago
Group: firefox-core-security → mobile-core-security
Component: Security → Security: Android
Product: Firefox → Fenix
Comment 3•3 years ago
Although we do try to block pasted javascript URLs because users get scammed, it's technically a self-XSS. If the victim has to be convinced to do this within a narrow time window, that reduces the impact of the attack. Calling this sec-low to start.
Keywords: sec-low
Comment 5•3 years ago
This bug has not been closed, so it has not been fixed.
Comment 6•3 years ago
javascript URIs are not loadable from the address bar.
Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Updated•3 years ago
Group: mobile-core-security → core-security-release
Comment 8•3 years ago
This fix was prompted by an earlier bug.
Group: core-security-release
Status: VERIFIED → RESOLVED
Closed: 3 years ago → 3 years ago
Flags: sec-bounty? → sec-bounty-
Resolution: FIXED → DUPLICATE
Updated•2 years ago
Component: Security: Android → Toolbar