CVE-2014-3207: Unfiltered XSS

Issue #26 resolved
Former user created an issue

SKS 1.1.4 does not filter: /pks/lookup/undefined1<ScRiPt>prompt(972363)</ScRiPt>

For example:

http://gpg.mozilla.org/pks/lookup/undefined1<ScRiPt>prompt(972363)</ScRiPt>;

Note that recent browsers will urlencode this for you, thus the XSS only affects older browsers. You can verify this using curl, for example:

curl http://gpg.mozilla.org//pks/lookup/undefined1<ScRiPt>prompt(972363)</ScRiPt>;

Proposed fix: Filter input/output (or do not display the input at all).

Initial report and findings: https://bugzilla.mozilla.org/show_bug.cgi?id=952077 by Haris (whitehat@hotmail.rs)
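An illustration of the proposed fix (escape on output), added here as an example; it is not SKS code and not part of the original report. The error-page template and function names are hypothetical, and the sample paths are constructed from the URL in the report.

```python
import html
from urllib.parse import unquote

# Constructed sample: the request path from the report, as a raw client
# such as curl sends it (no percent-encoding applied).
RAW_PATH = "/pks/lookup/undefined1<ScRiPt>prompt(972363)</ScRiPt>"
# The same path as a recent browser sends it (percent-encoded client-side).
ENCODED_PATH = "/pks/lookup/undefined1%3CScRiPt%3Eprompt(972363)%3C/ScRiPt%3E"

# Hypothetical error-page template; the real SKS page text is not shown here.
TEMPLATE = (
    "<html><body><h1>Error handling request</h1>"
    "<p>Page not found: {}</p></body></html>"
)


def error_page_unfiltered(path):
    """'Before' behaviour described in the report: the path is echoed as-is."""
    return TEMPLATE.format(path)


def error_page_escaped(path):
    """Hardened form: percent-decode first, then HTML-escape at output time.

    Decoding before escaping means the result is safe whether or not the
    server (or a proxy in front of it) decodes the path before echoing it.
    """
    return TEMPLATE.format(html.escape(unquote(path), quote=True))


def reflects_markup(body, path):
    """Regression check: True if the decoded path contains '<' and appears
    verbatim (unescaped) in the response body."""
    decoded = unquote(path)
    return "<" in decoded and decoded in body


if __name__ == "__main__":
    for label, path in (("raw", RAW_PATH), ("encoded", ENCODED_PATH)):
        before = reflects_markup(error_page_unfiltered(path), path)
        after = reflects_markup(error_page_escaped(path), path)
        print(f"{label:8s} unfiltered reflects markup: {before}, escaped: {after}")
```

The raw path is reflected as markup only by the unfiltered page, which matches the report's note that the issue is reachable from clients that do not percent-encode the URL.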

Comments (7)

  1. John Clizbe

    I log in to Mozilla Bugzilla and I can't access the bug report either. So much for Mozilla and "Open".

    Lowering prio to minor until we can access the bug.

  2. kang_

    Since this is a security bug, it's hidden by default. This is done in your and your users' interest. (http://en.wikipedia.org/wiki/Responsible_disclosure)

    As this Bitbucket issue is public - and I believe you are requesting the original bug to be made public before a fix is issued, the original bug is now unhidden. Note that it contains the same information.
