Opened 11 years ago

Closed 11 years ago

#1662 closed Bug (invalid)

HTTP MSIE Multiple Style Tags Code Exec

Reported by: Sander Owned by:
Priority: Normal Milestone:
Component: General Version: FCKeditor 2.5
Keywords: Pending WorksForMe Cc:

Description

Norton Symantec Antivirus (version 14.0.4.1) gives me this security threat: http://www.symantec.com/avcenter/attack_sigs/s21657.html

I use FireFox (not IE)

Change History (5)

comment:1 Changed 11 years ago by Alfonso Martínez de Lizarrondo

Keywords: Pending added

I have downloaded their demo version (15.0.0.58) and it doesn't give me any warning trying to load http://www.fckeditor.net/demo

Do you see the error in any page with FCKeditor?
does it happens with previous versions (2.4.3 ...)?
I guess that it also happens if you try to use IE, correct?

comment:2 Changed 11 years ago by Jesse Brand

Symantec Antivirus (using version 14.0.3.3) identifies the editor as a HTTP MSIE Multiple Style Tags Exec. This only seems to occur when running a web application locally. I also have not been able to reproduce this in IE(7) but I have encountered it on FF2.0.0.11 and I believe previous versions had this problem as well.

The specific threat check can be disabled in the worm protection in Symantec but that's just a workaround. The issue did not arise in previous versions of the FCKeditor.

The following message can be obtained in the error console: uncaught exception: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIXMLHttpRequest.send]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: http://****/fckeditor-2.5.0/editor/js/fckeditorcode_gecko.js :: anonymous :: line 67" data: no]

comment:3 Changed 11 years ago by Frederico Caldeira Knabben

Keywords: Pending removed

comment:4 Changed 11 years ago by Wojciech Olchawa

Keywords: Pending WorksForMe added

I've tried to reproduce this bug with Norton Antivirus 15.5.0.23. I've tested FCKeditor 2.6 and the SVN version on IE and FF2 and didn't encounter any security threats.

Does the bug still occur to you in with the current release of FCKeditor?

Please let us know.

comment:5 Changed 11 years ago by Frederico Caldeira Knabben

Resolution: invalid
Status: newclosed

Expired.

Note: See TracTickets for help on using tickets.
© 2003 – 2019 CKSource – Frederico Knabben. All rights reserved. | Terms of use | Privacy policy