Jump to content
SirGod

[Security Report] A Security Audit of Firefox Accounts

Recommended Posts

Posted (edited)

Cei de la Mozilla au facut un audit de securitate pe Firefox Accounts. Auditul a fost facut de Cure53 (da, incluzand pe Mario Heiderich).

 

Detalii: https://blog.mozilla.org/security/2017/07/18/web-service-audits-firefox-accounts/

Raport complet: https://blog.mozilla.org/security/files/2017/07/FXA-01-report.pdf

 

Un raport curat, informativ, vulnerabilitati actuale (pentru cei satui de ../../etc/passwd si order by 5).

 

Edited by SirGod
  • Upvote 1
Posted
16 minutes ago, Gecko said:

Vulnerabilitatile notate "high" si "critical" sunt penibile, nici nu-mi imaginez cum la nivelul ala inca nu se face validare pe un camp numit "name" si, mai ales, cum sa dai echo din backend in fiecare proprietate JSON, ca sa construiesti response-ul manual, cand ai functii care ti-ar reprezenta un array direct in JSON, incluzand si validarea aferenta, pentru cazurile astea cand ori esti prea lenes, ori prea prost, sa validezi campul.

71144876.jpg

  • Haha 1
  • Upvote 1

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...