Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 26 Sep 2014 13:20:18 +0200
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: CVE request: Mediawiki before 1.19.19, 1.22.11 and 1.23.4
 insufficient CSS filtering of SVGs

Hi,

I know, I know, this is not a "the internet is on fire"-style vuln :-)

However, can we please get a CVE for this:
https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-September/000161.html

* (bug 69008) SECURITY: Enhance CSS filtering in SVG files. Filter
  <style> elements; normalize style elements and attributes before
  filtering; add checks for attributes that contain css; add unit tests
  for html5sec and reported bugs.

If anyone wants to discuss if this is a real vulnerability, I think it
is: Including malicious CSS by less-privileged users could lead to UI
manipulation which could cause a more-privileged user to do actions
like giving the less-prived user more privs.


Upstream Bug:
https://bugzilla.wikimedia.org/show_bug.cgi?id=69008

Code commit:
https://gerrit.wikimedia.org/r/#/c/162777/

Please assign a CVE.

cu,
-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: BBB51E42

Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.