git.ipfire.org Git - thirdparty/bugzilla.git/commit

]> git.ipfire.org Git - thirdparty/bugzilla.git/commit

projects / thirdparty / bugzilla.git / commit

author	Frédéric Buclin <LpSolit@gmail.com>
	Mon, 24 Jan 2011 18:36:51 +0000 (19:36 +0100)
committer	Frédéric Buclin <LpSolit@gmail.com>
	Mon, 24 Jan 2011 18:36:51 +0000 (19:36 +0100)
commit	d9b49313b721ef0810f33562dec23787320a473a
tree	b2edaf801b16c1188770c1bc639076a5ba0d2ece	tree
parent	2eb6a30dd32f4e57cd9425ce19f82e37b69d3748	commit \| diff

Bug 619588: (CVE-2010-4567) [SECURITY] Safety checks that disallow clicking for javascript: or data: URLs in the URL field can be evaded with prefixed whitespace

and

Bug 628034: (CVE-2011-0048) [SECURITY] For not-logged-in users, the URL field doesn't safeguard against javascript: or data: URLs

r=dkl a=LpSolit

Bugzilla/Template.pm		diff \| blob \| blame \| history
template/en/default/bug/edit.html.tmpl		diff \| blob \| blame \| history
template/en/default/bug/show-multiple.html.tmpl		diff \| blob \| blame \| history

Mirror of https://github.com/bugzilla/bugzilla.git

RSS Atom