[Bug 1625058] [NEW] Searches containing a hyphen in a save dialog triggers a SQLParse Error

Tom Mon, 19 Sep 2016 01:56:33 -0700

Public bug reported:

I discovered a strange issue with the save dialogue. if you search for
the string 'a-bc' in a save modal it throws an SQL parse error (See
attached screenshot). This appears to be for any string with a hyphen.


The modal in my case is opened by Firefox.

Could this be a SQL injection vulnerability?

** Affects: firefox (Ubuntu)
     Importance: Undecided
         Status: New

** Attachment added: "Selection_009.png"
   
https://bugs.launchpad.net/bugs/1625058/+attachment/4743497/+files/Selection_009.png

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1625058

Title:
  Searches containing a hyphen in a save dialog triggers a SQLParse
  Error

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1625058/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1625058] [NEW] Searches containing a hyphen in a save dialog triggers a SQLParse Error

Reply via email to