template/en/default · 065c567b63997acaf3d0c5619d240965bcf5fc5b · etersoft / bugzilla

Bug 619588: (CVE-2010-4567) [SECURITY] Safety checks that disallow clicking for… · 9244270a

authored Jan 24, 2011

Bug 619588: (CVE-2010-4567) [SECURITY] Safety checks that disallow clicking for javascript: or data: URLs in the URL field can be evaded with prefixed whitespace

and

Bug 628034: (CVE-2011-0048) [SECURITY] For not-logged-in users, the URL field doesn't safeguard against javascript: or data: URLs

r=dkl a=LpSolit

9244270a

Name	Last commit	Last update
..
account		Loading commit data...
admin		Loading commit data...
attachment		Loading commit data...
bug		Loading commit data...
email		Loading commit data...
extensions		Loading commit data...
flag		Loading commit data...
global		Loading commit data...
list		Loading commit data...
pages		Loading commit data...
reports		Loading commit data...
request		Loading commit data...
search		Loading commit data...
setup		Loading commit data...
whine		Loading commit data...
config.js.tmpl		Loading commit data...
config.rdf.tmpl		Loading commit data...
filterexceptions.pl		Loading commit data...
index.html.tmpl		Loading commit data...
welcome-admin.html.tmpl		Loading commit data...