
Issue 591944

Issue metadata

Status: WontFix
Owner: ----
Closed: Mar 2016
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security



Security: Vulnerability Issue (UXSS in Comodo Dragon Browser Version 29.1.0.0)

Reported by evan.ric...@gmail.com, Mar 4 2016

Issue description

Hello,

I am Evan of www.evanricafort.com, a security researcher from the Philippines. I found out that Comodo Dragon Browser Version 29.1.0.0 is vulnerable to Universal Cross-Site Scripting (UXSS).

Reference of UXSS (http://ceukelai.re/a-tale-of-two-offline-chrome-uxss-vulns/)

Proof of Concept

Check attached file.



I hope you will fix this issue.

This issue was already reported to Comodo Security Team and their response was this:

Check attached file.

Best Regards,
Evan of Invalid Web Security
 
Comodo Dragon Security Team Response:

Dear Customer,

Welcome Back to COMODO!

We apologize for the inconvenience. The mentioned issue was investigated by our developers; they informed us it's a Chromium-based bug. This bug is also reproducible in Google Chrome or any other Chromium-based browser.
It was fixed in Chromium v.47, therefore it is also fixed in v.47 for both Comodo Dragon and Google Chrome. Comodo Dragon v.47 was not released. Our developers advised waiting until COMODO V.48 has been released.

Should you have any queries do not hesitate to write to us.


Thanks and Regards,

Ralph
GeekBuddy Technical Support
www.comodo.com


Ticket Details
---------------------------------
Ticket ID: EGE-125-50265
Department: Comodo Dragon
Type: Issue
Status: Awaiting Reply
Priority: Default
Status: WontFix (was: Unconfirmed)
Hi Evan,
Thanks for reporting this issue. According to Comodo Dragon's reply, this vulnerability was fixed in Chrome V47 (the latest version is V48). Let us know if this issue can still be reproduced on the latest version of Chrome.

Cheers,

I didn't test this issue on the latest version of Comodo, but I think this was already fixed in the latest version of both Comodo and Chrome. But how about these old versions?

Project Member

Comment 5 by sheriffbot@chromium.org, Jun 10 2016

Labels: -Restrict-View-SecurityTeam
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 6 by sheriffbot@chromium.org, Oct 1 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 7 by sheriffbot@chromium.org, Oct 2 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: allpublic
