Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
XSS vulnerability
21 views
Skip to first unread message
Jonas Tingeborn
Dec 17, 2011, 1:39:07 AM12/17/11
to
Hi, I hope this is the right group...
I just discovered a way that an arbitrary script may be injected into
your site addons.mozilla.org, so that the script gets rendered
whenever a user navigates to a certain page. Ping me for more details.
I just discovered a way that an arbitrary script may be injected into
your site addons.mozilla.org, so that the script gets rendered
whenever a user navigates to a certain page. Ping me for more details.
L. David Baron
Dec 17, 2011, 9:38:34 AM12/17/11
to Jonas Tingeborn, dev-moz...@lists.mozilla.org
details, see:
http://www.mozilla.org/security/bug-bounty.html
http://www.mozilla.org/security/bug-bounty-faq-webapp.html
-David
--
𝄞 L. David Baron http://dbaron.org/ 𝄂
𝄢 Mozilla http://www.mozilla.org/ 𝄂
Jonas Tingeborn
Dec 17, 2011, 10:03:16 AM12/17/11
to
Thanks David and Justin for the prompt replies.
I forwarded the details to the security mailing address as requested.
/ Jonas
I forwarded the details to the security mailing address as requested.
/ Jonas
0 new messages