CLOSED INVALID 12774
S60 browser doesn't properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks
https://bugs.webkit.org/show_bug.cgi?id=12774
Krishna
Reported 2007-02-14 13:18:33 PST
2.2.2007 Ilhan Gurel: This originally comes from the following reported vulnerability: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0478
The link also has information about the proof of concept data.

Description of the original problem: Apple Safari does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment.

It has been acknowledged that this is also a valid issue for the S60 browser, as it uses the same code.
Robert Blaut
Comment 1 2008-06-11 00:14:30 PDT
I think the S60 platform bug should be closed as other S60 bugs.
Joel Parks
Comment 2 2011-03-21 11:53:11 PDT
re-purposing InTSW keyword for use by QtWebkit team