[tor-bugs] #2780 [Torbutton]: Investigate Torbutton translation input validation issue

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Mon Mar 21 11:59:23 UTC 2011


#2780: Investigate Torbutton translation input validation issue
-----------------------------------------------------------------------------+
 Reporter:  mikeperry                                                        |          Owner:  mikeperry
     Type:  defect                                                           |         Status:  new      
 Priority:  blocker                                                          |      Milestone:           
Component:  Torbutton                                                        |        Version:           
 Keywords:  TorbuttonIterationFires20110320 MikePerryIterationFires20110320  |         Parent:           
   Points:  2                                                                |   Actualpoints:           
-----------------------------------------------------------------------------+
 We had a random anonymous person show up on IRC who pointed out that
 Transifex was not filtering their input for XSS or other attacks. While
 this is bad for our website, it is potentially even worse for Torbutton.
 XUL XSS means arbitrary code execution.

 I spoke with Dan Veditz and he both half-chastised me for trusting this
 input, and also explained the history Mozilla went through before they
 managed to make Personas safe to deploy. DTD elements can carry arbitrary
 XUL elements. Properties are much less risky unless you use them as
 .innerHTML in DOM manipulations.

 I also tried to see if I could "break out" of a DTD element used inside an
 attribute by closing the quote and injecting a script attribute. I could
 not.

 I believe this means that only two of our DTD elements should actually be
 vulnerable to this.
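 As an added example (not code from the ticket or from Torbutton; the entity
 names and values are constructed), a lint that applies the distinction above
 to a translated .dtd file before it is shipped: a DTD entity value is spliced
 into the XUL document as markup, so any value carrying a literal '<' or an
 unrecognised '&' reference is rejected, while plain strings and the
 predefined XML character references pass.

```python
import re

# Constructed sample of a XUL localization .dtd as a translator might submit it.
# Entity names and values are made up for this example; the second and fifth
# entries are the kind of input the check is meant to catch.
SAMPLE_DTD = """\
<!ENTITY torbutton.prefs.title "Torbutton Preferences">
<!ENTITY torbutton.prefs.enable "Enable <description>Tor</description>">
<!ENTITY torbutton.prefs.amp "Settings &amp; Options">
<!ENTITY torbutton.prefs.quote "Say &quot;hello&quot;">
<!ENTITY torbutton.prefs.ref "Edit &torbutton.name;">
"""

ENTITY_RE = re.compile(r'<!ENTITY\s+([\w.\-]+)\s+"([^"]*)"\s*>')
# The only '&' uses a plain translated string legitimately needs: the five
# predefined XML references and numeric character references.
ALLOWED_REF_RE = re.compile(r'&(?:amp|lt|gt|quot|apos|#\d+|#x[0-9a-fA-F]+);')


def parse_dtd(text):
    """Return {entity_name: raw_value} for every <!ENTITY ...> declaration."""
    return {m.group(1): m.group(2) for m in ENTITY_RE.finditer(text)}


def unsafe_reasons(value):
    """Explain why a value should not be accepted as a plain translated string.

    A literal '<' opens an element once the entity is expanded into XUL, and a
    bare '&' opens an entity reference. Both are flagged; harmless character
    references are stripped first so they do not trigger the second check.
    """
    reasons = []
    if "<" in value:
        reasons.append("contains markup delimiter '<'")
    if "&" in ALLOWED_REF_RE.sub("", value):
        reasons.append("contains an entity reference other than a character reference")
    return reasons


def audit_dtd(text):
    """Return {entity_name: [reasons]} for every entity that fails the check."""
    findings = {}
    for name, value in parse_dtd(text).items():
        reasons = unsafe_reasons(value)
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in audit_dtd(SAMPLE_DTD).items():
        print(f"REJECT {name}: {'; '.join(reasons)}")
```

 Entries in a .properties file would need the same '<' check only where the
 code assigns them to .innerHTML, which is the distinction the ticket draws.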

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2780>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online