Searches containing a hyphen in a save dialog triggers a SQLParse Error
Bug #1625058 reported by
Tom
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| firefox (Ubuntu) |
Expired
|
Undecided
|
Unassigned | ||
Bug Description
I discovered a strange issue with the save dialogue. if you search for the string 'a-bc' in a save modal it throws an SQL parse error (See attached screenshot). This appears to be for any string with a hyphen.
The modal in my case is opened by Firefox.
Could this be a SQL injection vulnerability?
Revision history for this message
| Paul White (paulw2u) wrote | #2 |
| Changed in firefox (Ubuntu): | |
| status: | New → Incomplete |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #3 |
| Changed in firefox (Ubuntu): | |
| status: | Incomplete → Expired |
To post a comment you must log in.
Thank you for taking the time to report this bug and helping to make Ubuntu better. We are sorry that we do not always have the capacity to look at all reported bugs in a timely manner. There have been many changes in Ubuntu since that time you reported the bug and your problem may have been fixed with some of the updates. It would help us a lot if you could test it on a currently supported Ubuntu version.
When you test it and it is still an issue, kindly upload the updated logs by running only once:
apport-collect 1625058
and any other logs that are relevant for this particular issue.