Advisory: developer.mozilla.org - DOM based Cross-site Scripting vulnerability
Advisory ID: SSCHADV2013-010
Author: Stefan Schurtz
Affected Software: Successfully tested on developer.mozilla.org
Vendor URL: http://developer.mozilla.org
Vendor Status: fixed
==========================
Vulnerability Description
==========================
The website 'developer.mozilla.org' is prone to a DOM based XSS vulnerability.
==========================
PoC-Exploit
==========================
// SRware Iron 24.0.1350.0 & Google Chrome 27.0.1453.93 & Internet Explorer 10
https://developer.mozilla.org/en-US/docs/Code_Review_FAQ#'/>
https://developer.mozilla.org/en-US/docs/Code_Review_FAQ#'/>
==========================
Disclosure Timeline
==========================
28-May-2013 - vendor informed on bugzilla.mozilla.org
12-Jun-2013 - fixed by vendor
==========================
Credits
==========================
Vulnerability found and advisory written by Stefan Schurtz.
==========================
References
==========================
http://www.mozilla.org
http://www.darksecurity.de/advisories/2013/SSCHADV2013-010.txt