sorry for not responding!

the bug is caused when one user with html tags in their nickname sends a nudge to
another user; when this happens, the html tags are interpreted by the program.

anyway, only html code can be executed.. the javascript tags are filtered, the
"danger" is that you can make a false link.

see you

example:

<a href="http://www.badurl.com.ar">http://www.google.com.ar</a>


2009/1/23 Kees Cook <k...@ubuntu.com>

> ** Changed in: pidgin (Ubuntu)
>       Status: New => Incomplete
>
> ** Visibility changed to: Public
>
> --
> Pidgin nickname html insertion
> https://bugs.launchpad.net/bugs/299048
> You received this bug notification because you are a direct subscriber
> of the bug.
>
> Status in "pidgin" source package in Ubuntu: Incomplete
>
> Bug description:
> Binary package hint: pidgin
>
> The vulnerability is caused because when another user changes their nickname or
> sends a nudge, at that moment, if the nickname has any html tags, the
> program interprets the tag and causes it to run the code.
>
> But this vulnerability is very low because it doesn't allow executing any html
> code, only some..
>
> eg : the vulnerability allows executing simple tags.. but no javascript code
>
> eg true : <a href="http://www.google.com.ar">Text to be displayed</a>
>
> eg false : <script>alert(1)</script>
>
> finally.. it is important to repair this bug, because somewhere a user can make
> a malformed link and steal cookies..
>
> ProblemType: Bug
> Architecture: i386
> DistroRelease: Ubuntu 8.10
> ExecutablePath: /usr/bin/pidgin
> Package: pidgin 1:2.5.2-0ubuntu1
> ProcEnviron:
>
>  PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
>  LANG=es_AR.UTF-8
>  SHELL=/bin/bash
> SourcePackage: pidgin
> Uname: Linux 2.6.27-7-generic i686
>

-- 
Pidgin nickname html insertion
https://bugs.launchpad.net/bugs/299048
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
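The fix for the class of bug described in this thread is to treat the nickname as untrusted data and escape it before it is inserted into the HTML message view, so an `<a href=...>` nickname is shown as literal text rather than rendered as a link. The following C is an added illustration written for this page, not Pidgin's own code; `escape_nickname_html`, `format_nudge_notice` and the notice template are assumed names, and the nickname in the comments is constructed after the report's example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Escape the characters HTML treats specially so a nickname is displayed
 * literally in an HTML message view instead of being parsed as markup.
 * Worst case every byte becomes "&quot;" (6 bytes). Returns a malloc'd
 * string the caller frees, or NULL on allocation failure. */
char *escape_nickname_html(const char *nick)
{
    char *out = malloc(strlen(nick) * 6 + 1);
    if (!out) return NULL;
    char *q = out;
    for (const char *p = nick; *p; p++) {
        const char *rep = NULL;
        switch (*p) {
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '&':  rep = "&amp;";  break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        if (rep) {
            size_t n = strlen(rep);
            memcpy(q, rep, n);
            q += n;
        } else {
            *q++ = *p;
        }
    }
    *q = '\0';
    return out;
}

/* Hypothetical nudge template: the markup here is trusted, only the
 * nickname substituted into %s comes from the remote user. */
#define NUDGE_FMT "<b>%s</b> has just sent you a nudge!"

/* Build the notice the way a message view would: escape the untrusted
 * nickname first, so a nickname like
 * <a href="http://www.badurl.com.ar">http://www.google.com.ar</a>
 * is shown as text and never becomes a clickable, deceptive link. */
char *format_nudge_notice(const char *nick)
{
    char *safe = escape_nickname_html(nick);
    if (!safe) return NULL;
    size_t n = sizeof(NUDGE_FMT) + strlen(safe); /* sizeof includes the NUL */
    char *msg = malloc(n);
    if (msg) snprintf(msg, n, NUDGE_FMT, safe);
    free(safe);
    return msg;
}
```

Escaping at the point of insertion is what makes the filtering of `<script>` unnecessary: no tag from the nickname reaches the HTML parser at all.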
