git.ipfire.org Git - thirdparty/bugzilla.git/commit

]> git.ipfire.org Git - thirdparty/bugzilla.git/commit

projects / thirdparty / bugzilla.git / commit

author	Frédéric Buclin <LpSolit@gmail.com>
	Mon, 24 Jan 2011 18:29:39 +0000 (19:29 +0100)
committer	Frédéric Buclin <LpSolit@gmail.com>
	Mon, 24 Jan 2011 18:29:39 +0000 (19:29 +0100)
commit	9244270a7d1ca49e315a98c24d51bf405bfa2880
tree	46587cdf26360fd54abb79986d11c8b9234e4fe0	tree \| snapshot
parent	38eeecf6362b6dc17718c84a35dbbaea7cc15ccd	commit \| diff

Bug 619588: (CVE-2010-4567) [SECURITY] Safety checks that disallow clicking for javascript: or data: URLs in the URL field can be evaded with prefixed whitespace

and

Bug 628034: (CVE-2011-0048) [SECURITY] For not-logged-in users, the URL field doesn't safeguard against javascript: or data: URLs

r=dkl a=LpSolit

Mirror of https://github.com/bugzilla/bugzilla.git

RSS Atom

Bugzilla/Template.pm		diff \| blob \| blame \| history
template/en/default/attachment/edit.html.tmpl		diff \| blob \| blame \| history
template/en/default/bug/edit.html.tmpl		diff \| blob \| blame \| history
template/en/default/bug/show-multiple.html.tmpl		diff \| blob \| blame \| history