https://bugzilla.wikimedia.org/show_bug.cgi?id=65839
Chris Steipp <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Group|security | CC| |[email protected], | |[email protected], | |[email protected], | |[email protected] Component|Core |Uploading Version|unspecified |1.24-git Product|Security |MediaWiki --- Comment #29 from Chris Steipp <[email protected]> --- No CVE, I'll update with one if mitre assigns one. I actually argued against it for this bug (http://seclists.org/oss-sec/2014/q2/646), since I haven't been able to find a way to actually exploit it, so I think this falls into good hardening. There are two threats: * Tracking a user who views a page. Right now, MediaWiki and WMF extensions only put the PNG in the page. If a gadget, or another extension puts the actual SVG into the article, this would be exploitable. I haven't found one that does that, but I wouldn't be surprised if one existed, and there is certainly interest in putting this feature into MediaWiki in the near future. * Running javascript in embeded svg files from other domains. As I mentioned, Opera will run the javascript, but the javascript can only talk back to the including domain. If another browser does this wrong, it would open up xss on the wiki, but I haven't found one yet. But there's also a thread on oss-sec right now about when hardening issues should get a CVE, so based on the outcome of that, this might get one assigned. -- You are receiving this mail because: You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
