[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #2780 [Torbutton]: Investigate Torbutton translation input validation issue

To: undisclosed-recipients:;
Subject: [tor-bugs] #2780 [Torbutton]: Investigate Torbutton translation input validation issue
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Mon, 21 Mar 2011 11:59:23 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 21 Mar 2011 07:59:33 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bugs reporting list for trac <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#2780: Investigate Torbutton translation input validation issue
-----------------------------------------------------------------------------+
 Reporter:  mikeperry                                                        |          Owner:  mikeperry
     Type:  defect                                                           |         Status:  new      
 Priority:  blocker                                                          |      Milestone:           
Component:  Torbutton                                                        |        Version:           
 Keywords:  TorbuttonIterationFires20110320 MikePerryIterationFires20110320  |         Parent:           
   Points:  2                                                                |   Actualpoints:           
-----------------------------------------------------------------------------+
 We had a random anonymous person show up on IRC who pointed out that
 Transifex was not filtering their input for XSS or other attacks. While
 this is bad for our website, it is potentially even worse for Torbutton.
 XUL XSS means arbitrary code execution.

 I spoke with Dan Veditz and he both half-chastised me for trusting this
 input, and also explained the history Mozilla went through before they
 managed to make Personas safe to deploy. DTD elements can carry arbitrary
 XUL elements. Properties are much less risky unless you use them as
 .innerHTML in DOM manipulations.

 I also tried to see if I could "break out" of a DTD element used inside an
 attribute by closing the quote and injecting a script attribute. I could
 not.

 I believe this means that only two of our DTD elements should actually be
 vulnerable to this.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2780>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #2780 [Torbutton]: Investigate Torbutton translation input validation issue
  - From: Tor Bug Tracker & Wiki

Prev by Author: [tor-bugs] #2779 [Development Progress]: Machinations and Research Emails
Next by Author: Re: [tor-bugs] #2780 [Torbutton]: Investigate Torbutton translation input validation issue
Previous by thread: Re: [tor-bugs] #2779 [Development Progress]: Machinations and Research Emails
Next by thread: Re: [tor-bugs] #2780 [Torbutton]: Investigate Torbutton translation input validation issue
Index(es):
- Author
- Thread