search

jacklone / browserscope

Automatically exported from code.google.com/p/browserscope
Apache License 2.0
0 stars 0 forks source link

Reflected XSS test for Firefox 4.0b3 seems to be false pass #244

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago 
What steps will reproduce the problem?
1.Run tests for Firefox 4.0b3 and see reflected XSS passes
2. Go to 
http://zero.webappsecurity.com/banklogin.asp?err=Invalid%20Login:%20%3Cscript%3E
alert%2831337%29;%3C/script%3E in Firefox 4.0b3 and see a popup window

What is the expected output? What do you see instead?
Firefox 4.0b3 ( and earlier FF4 betas I believe) should not be given a passing 
score for reflected XSS protection

What version of the product are you using? On what operating system?
Mozilla/5.0 (X11; Linux x86_64; rv:2.0b3) Gecko/20100805 Firefox/4.0b3

Please provide any additional information below.

Original issue reported on code.google.com by steve.pi...@gmail.com on 12 Aug 2010 at 7:54

GoogleCodeExporter commented 8 years ago

Original comment by els...@gmail.com on 12 Aug 2010 at 9:34

GoogleCodeExporter commented 8 years ago

Original comment by jack...@chromium.org on 28 Oct 2010 at 5:48

GoogleCodeExporter commented 8 years ago

Original comment by jack...@chromium.org on 3 Nov 2010 at 10:33