Closed
Bug 839227
Opened 12 years ago
Closed 12 years ago
[settings] query selectors are vulnerable to injection type attacks
Categories
(Firefox OS Graveyard :: Gaia::Settings, defect)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 828925
People
(Reporter: dchanm+bugzilla, Unassigned)
The settings app appears to perform concatenation of user input when generating query selectors. A malformed query selector will cause a JS error:
E/GeckoConsole( 371): [JavaScript Error: "SyntaxError: An invalid or illegal string was specified" {file: "app://settings.gaiamobile.org/js/settings.js" line: 40}]
STR
1. Go to Settings -> Internet Sharing -> Hotspot settings
2. Change SSID network name to (with quotes)
a"][b="
3. Press OK
4. Notice no error in `adb logcat`
5. Change SSID network name to
a"][b=
6. Press OK
7. Notice that network "name" has not been updated and the above error in `adb logcat`
Expected
No error, network name updated
I'm using the Internet Sharing feature as an example. There may be other fields with similar bugs. I am unsure of the severity of this issue. If a malicious app could change user input / interact with the settings apps, it may cause the settings app to retrieve incorrect settings values.
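The two SSID strings from the report, run through an unescaped and an escaped selector builder. This is an added example, not code from the report or from Gaia: the `[value="..."]` selector shape and all function names are assumptions, and `parseAttrChain` is a simplified stand-in for the browser's selector parser. In a browser, `CSS.escape()` does the escaping.

```javascript
// Assumed selector shape; the page does not show the settings.js code.
// Vulnerable pattern: input concatenated into a quoted attribute value.
function buildUnsafe(value) {
  return '[value="' + value + '"]';
}

// Hardened: emit ", \ and newlines as CSS hex escapes so input cannot end the string.
function escapeCssString(value) {
  return value.replace(/["\\\n\r\f]/g,
    (c) => '\\' + c.charCodeAt(0).toString(16) + ' ');
}
function buildSafe(value) {
  return '[value="' + escapeCssString(value) + '"]';
}

// Simplified model of a selector parser: accepts only a chain of
// [attr="string"] blocks and throws SyntaxError on anything else.
function parseAttrChain(selector) {
  const conditions = [];
  let i = 0;
  while (i < selector.length) {
    const open = /^\[([A-Za-z_][\w-]*)="/.exec(selector.slice(i));
    if (!open) throw new SyntaxError('invalid selector at offset ' + i);
    i += open[0].length;
    let value = '';
    while (selector[i] !== '"') {
      if (i >= selector.length) throw new SyntaxError('unterminated string');
      const esc = /^\\([0-9a-fA-F]{1,6}) ?/.exec(selector.slice(i));
      if (esc) {
        value += String.fromCodePoint(parseInt(esc[1], 16));
        i += esc[0].length;
      } else if (selector[i] === '\\') {
        throw new SyntaxError('unsupported escape at offset ' + i);
      } else {
        value += selector[i++];
      }
    }
    i++; // closing quote
    if (selector[i++] !== ']') throw new SyntaxError('expected ] after string');
    conditions.push({ attr: open[1], value });
  }
  return conditions;
}

// Constructed demo using the two SSID strings from the report.
for (const ssid of ['a"][b="', 'a"][b=']) {
  for (const build of [buildUnsafe, buildSafe]) {
    try { console.log(build(ssid), JSON.stringify(parseAttrChain(build(ssid)))); }
    catch (e) { console.log(build(ssid), e.name + ': ' + e.message); }
  }
}
```

With the unescaped builder the first string parses cleanly but as two attribute conditions, which matches step 4 showing no error; the second string fails to parse, which matches step 7.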
Reporter, updated 12 years ago
blocking-b2g: --- → leo?
Reporter, updated 12 years ago
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
Updated 12 years ago
blocking-b2g: leo? → ---