Add UXSS for browser plugins and browser #85

Closed
Abr1k0sHelm opened this issue Sep 12, 2017 · 3 comments
@Abr1k0sHelm

As per the VRT, UXSS is a P4. But there is a feeling that here it is in the context of the security of the web site, and not browser plug-ins / browsers. I mean that when you made the VRT, you probably had in view vulnerabilities like CVE-2015-0072 (you must put the X-Frame-Options header on your site to protect).
Please add UXSS (SOP bypass) for browsers and browser plug-ins (looks like this should be P2 or P1). If I can inject JS at every site, it seems to be not P4.

Examples:
CVE-2016-5208
CVE-2016-5207
CVE-2016-5205
https://www.blackhat.com/docs/asia-16/materials/asia-16-Baloch-Bypassing-Browser-Security-Policies-For-Fun-And-Profit.pdf
etc..

@plr0man
Contributor

plr0man commented Sep 15, 2017

In case we were running a program for a specific browser or plugin, P4 would clearly not apply, as we would be looking at a different impact and different rating methodology. The priority could go as high as P1, but what you describe would be an exceptional scenario, and adding an entry for every possible exception is just not something we can do. Fortunately, the VRT allows us to adjust the default priority on a case-by-case basis. You can learn more about our rating methodology from the VRT PDF that can be found on this page.

Hope this clarifies things. Let me know if you have any other questions.

@Abr1k0sHelm
Author

I report a vulnerability in the browser plug-in that allows you to execute JS in the context of any site and in the context of the plugin itself (UXSS - SOP bypass). But due to the fact that on this page https://bugcrowd.com/vulnerability-rating-taxonomy UXSS is specified as P4, the vulnerabilities set the priority of P4.

@plr0man
Contributor

plr0man commented Sep 18, 2017

The paragraphs below (which can be found in the PDF mentioned earlier) provide good insight into how we use the VRT guidelines and how to go about upgrading the priority:

Priority is a Baseline

The recommended priority, from Priority 1 (P1) to Priority 5 (P5), is a baseline. That having been said, while this baseline priority might apply without context, it’s possible that application complexity, bounty brief restrictions, or unusual impact could result in a different rating. As a customer, it’s important to weigh the VRT alongside your internal application security ratings.

For bug hunters, if you think a bug’s impact warrants reporting despite the VRT’s guidelines, or that the customer has misunderstood the threat scenario, we encourage you to submit the issue regardless and use the Bugcrowd Crowdcontrol commenting system to clearly communicate your reasoning.

@plr0man plr0man closed this as completed Sep 21, 2017