Just noticed that 2.6.8.9rc5 and 2.6.8.9 (final) both seem to pick up Google's newer hangout/chat system as an XSS issue. Happens when on Google Plus and Gmail.
2.6.8.9rc4 works fine, so I suspect the [XSS] Stricter HTML checks change in 2.6.8.9rc5 is what's causing it to trip.
If you need logs, just ask.
[RESOLVED] Google hangout/chat XSS issue
[RESOLVED] Google hangout/chat XSS issue
Last edited by cef on Mon Dec 30, 2013 10:55 pm, edited 1 time in total.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:26.0) Gecko/20100101 Firefox/26.0
Re: Google hangout/chat XSS issue
Just a FYI to anyone following, I've forwarded logs by email to Giorgio to examine.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:26.0) Gecko/20100101 Firefox/26.0
Re: Google hangout/chat XSS issue
Cool. Thought I was the only one having this.
Mozilla/5.0 (Windows NT 6.2; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0
-
Giorgio Maone
- Site Admin
- Posts: 9527
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: Google hangout/chat XSS issue
Please check latest development build 2.6.8.10rc1, thanks.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0
Re: [RESOLVED] Google hangout/chat XSS issue
Works well. Thank you very much for such a quick turn-around, especially at this time of year.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:26.0) Gecko/20100101 Firefox/26.0
Re: [RESOLVED] Google hangout/chat XSS issue
Hi.. came to report this issue too. Have now installed the dev build V. 2.6.8.10rc1 and this has fixed the issue for me too. Thanks!
Mozilla/5.0 (Windows NT 6.3; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0