[Contribution] Mozilla – HTTP Response Spliting, Reflected & Stored XSS
![](https://www.asafety.fr/wp-content/uploads/mozilla_logo.jpg)
A subdomain of Mozilla.org has several XSS vulnerabilities and an HTTP Response Splitting vulnerability.
This article illustrates the exploitation of an HRS (HTTP Response Splitting) in order to elevate it in a reflected XSS through a concrete example: Mozilla. When searching for vulnerable (sub)-domains as part of a Bug Bounty program, the subdomain dictionary attack. Read more