From 811987d677a4117f09b032e3935aff9accdc133d Mon Sep 17 00:00:00 2001 From: Frédéric Buclin Date: Wed, 18 Apr 2012 18:58:04 +0200 Subject: Bug 745397: (CVE-2012-0466) [SECURITY] The JS template for buglists permits attackers to access all bugs that the victim can see r=glob a=LpSolit --- buglist.cgi | 10 ---------- 1 file changed, 10 deletions(-) (limited to 'buglist.cgi') diff --git a/buglist.cgi b/buglist.cgi index 79bf94381..885e50478 100755 --- a/buglist.cgi +++ b/buglist.cgi @@ -95,16 +95,6 @@ if (defined $cgi->param('ctype') && $cgi->param('ctype') eq "rss") { $cgi->param('ctype', "atom"); } -# The js ctype presents a security risk; a malicious site could use it -# to gather information about secure bugs. So, we only allow public bugs to be -# retrieved with this format. -# -# Note that if and when this call clears cookies or has other persistent -# effects, we'll need to do this another way instead. -if ((defined $cgi->param('ctype')) && ($cgi->param('ctype') eq "js")) { - Bugzilla->logout_request(); -} - # An agent is a program that automatically downloads and extracts data # on its user's behalf. If this request comes from an agent, we turn off # various aspects of bug list functionality so agent requests succeed -- cgit v1.2.3-65-gdbad