potential XSS exploit

Bug #297829 reported by tron
Affects | Status | Importance | Assigned to | Milestone
Pidgin-WebKit | New | Critical | Simo Mattila |

Bug Description

Pasting the following in a conversation:
<iframe src="[url]" marginwidth="0" marginheight="0" width="468" height="60" frameborder="0" style="border:none;" scrolling="no">
Redirects the recipient and the sender to [url] without confirmation and prevents new messages from the sender from displaying.
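
One way a client could neutralize the markup from the report before a message body reaches an HTML view, as an added example (not the patch attached to this bug and not Pidgin-WebKit's own code). The function name sanitize_message, the tag allowlist and the sample string are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed allowlist: inline formatting only, nothing that loads or embeds
 * content. Matching is case-sensitive, so <B> is shown as text (fails safe). */
static const char *const ALLOWED[] = { "b", "i", "u", "br" };

static int tag_allowed(const char *name, size_t len) {
    for (size_t k = 0; k < sizeof ALLOWED / sizeof ALLOWED[0]; k++)
        if (strlen(ALLOWED[k]) == len && strncmp(ALLOWED[k], name, len) == 0)
            return 1;
    return 0;
}

/* Hypothetical hook for a message body before it reaches the HTML view.
 * Returns 0 on success, -1 if out cannot hold the worst case (every input
 * byte a '<', each growing to "&lt;"); the caller should then not render. */
int sanitize_message(const char *in, char *out, size_t cap) {
    char *o = out;
    if (cap < 4 * strlen(in) + 1) return -1;
    for (const char *p = in; *p; ) {
        if (*p != '<') { *o++ = *p++; continue; }   /* ordinary text */
        const char *q = p + 1 + (p[1] == '/'), *name = q;
        while (isalpha((unsigned char)*q)) q++;
        const char *end = strchr(q, '>');
        if (end && tag_allowed(name, (size_t)(q - name))) {
            /* Re-emit "<name>" or "</name>" only: attributes such as
             * style= or on*= handlers are dropped. */
            memcpy(o, p, (size_t)(q - p));
            o += q - p;
            *o++ = '>';
            p = end + 1;
        } else {             /* <iframe> and anything else becomes text */
            memcpy(o, "&lt;", 4);
            o += 4;
            p++;
        }
    }
    *o = '\0';
    return 0;
}

int main(void) {
    char out[512];   /* constructed sample, modelled on the markup in the report */
    if (sanitize_message("hi <b>there</b> <iframe src=\"[url]\" width=\"468\">", out, sizeof out) == 0)
        puts(out);
    return 0;
}
```

Because only the opening "<" of a non-allowlisted tag is rewritten, the recipient sees the pasted markup as literal text instead of having it interpreted.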

Simo Mattila (simom)
Changed in pidgin-webkit:
assignee: nobody → simom
importance: Undecided → Critical
Simo Mattila (simom) wrote :

On what protocol is this happening? Because I can't reproduce this on MSN or XMPP.

tron (tron1point0) wrote :

It only happened on AIM for me.

tron (tron1point0) wrote :

Got the fix, where do I send it to?

Simo Mattila (simom) wrote :

You can add a patch as an attachment to this bug report.

tron (tron1point0) wrote :

Done.

This report contains Public Security information  
Everyone can see this security related information.
