path: root/buglist.cgi
diff options
authorFrédéric Buclin <>2012-04-18 18:58:04 +0200
committerFrédéric Buclin <>2012-04-18 18:58:04 +0200
commit811987d677a4117f09b032e3935aff9accdc133d (patch)
treed26d58e0f7bd7b41ad86b3cf7c2e8c75a1972c90 /buglist.cgi
parent8dd0e8193d51f243b547cc0f4f21f5b3a1375ff2 (diff)
Bug 745397: (CVE-2012-0466) [SECURITY] The JS template for buglists permits attackers to access all bugs that the victim can see
r=glob a=LpSolit
Diffstat (limited to 'buglist.cgi')
1 files changed, 0 insertions, 10 deletions
diff --git a/buglist.cgi b/buglist.cgi
index 79bf94381..885e50478 100755
--- a/buglist.cgi
+++ b/buglist.cgi
@@ -95,16 +95,6 @@ if (defined $cgi->param('ctype') && $cgi->param('ctype') eq "rss") {
$cgi->param('ctype', "atom");
-# The js ctype presents a security risk; a malicious site could use it
-# to gather information about secure bugs. So, we only allow public bugs to be
-# retrieved with this format.
-# Note that if and when this call clears cookies or has other persistent
-# effects, we'll need to do this another way instead.
-if ((defined $cgi->param('ctype')) && ($cgi->param('ctype') eq "js")) {
- Bugzilla->logout_request();
# An agent is a program that automatically downloads and extracts data
# on its user's behalf. If this request comes from an agent, we turn off
# various aspects of bug list functionality so agent requests succeed