Hi All,
Second MediaWiki 1.6.5 JavaScript Execution Vulnerability in the Parser.
Unlike the previous one, this one affects the live Wikipedia too (i.e. tidy does not prevent it).
Vuln is here: http://nickj.org/MediaWiki/Parser25 And also on the wikipedia here: http://en.wikipedia.org/wiki/User:Nickj/JS-vuln-2
And the full list of Parser problems is here: http://nickj.org/MediaWiki (Anything with yellow or red in the "Security aspects?" column is a potential or actual JS execution problem, respectively; everything else is an HTML validation problem).
All the best, Nick.
Nick Jenkins wrote:
Unlike the previous one, this one affects the live Wikipedia too (i.e. tidy does not prevent it).
Vuln is here: http://nickj.org/MediaWiki/Parser25
Fixed in r14349. I'll go over your others and put out fix releases shortly.
One-line patch available here: http://svn.wikimedia.org/viewvc/mediawiki?view=rev&revision=14349
-- brion vibber (brion @ pobox.com)
wikitech-l@lists.wikimedia.org