From 6c81a8674ac77562584d5033561f8b4d947f23bb Mon Sep 17 00:00:00 2001
From: Frédéric Buclin
Date: Tue, 31 Jan 2012 16:39:50 +0100
Subject: Bug 714472: (CVE-2012-0448) [SECURITY] utf8 homoglyphs are allowed in email addresses, which could allow an attacker to be CC'ed to private bugs by accident r=glob a=LpSolit
---
 template/en/default/global/code-error.html.tmpl | 3 +--
 template/en/default/global/user-error.html.tmpl | 5 ++---
 2 files changed, 3 insertions(+), 5 deletions(-)
(limited to 'template/en/default')
diff --git a/template/en/default/global/code-error.html.tmpl b/template/en/default/global/code-error.html.tmpl
index 5dce16976..f100df994 100644
--- a/template/en/default/global/code-error.html.tmpl
+++ b/template/en/default/global/code-error.html.tmpl
@@ -48,8 +48,7 @@
 [% ELSE %]
 [%+ Param('emailregexpdesc') FILTER html_light %]
 [% END %]
- It must also not contain any of these special characters:
- \ ( ) & < > , ; : " [ ], or any whitespace.
+ It also must not contain any illegal characters.
 
 [% ELSIF error == "authres_unhandled" %]
 The result value of [% value FILTER html %] was not handled by
diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl
index 723f92042..dc0a94ac7 100644
--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -851,9 +851,8 @@
 [% ELSE %]
 [%+ Param('emailregexpdesc') FILTER html_light %]
 [% END %]
- It must also not contain any of these special characters:
- \ ( ) & < > , ; : " [ ], or any whitespace.
-
+ It also must not contain any illegal characters.
+
 [% ELSIF error == "illegal_frequency" %]
 [% title = "Too Frequent" %]
 Unless you are an administrator, you may not create series which are
-- cgit v1.2.3-24-g4f1b

From 0b14241a7c307a2619cb67cee42086b30fa03795 Mon Sep 17 00:00:00 2001
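Review bot: The replacement line `It also must not contain any illegal characters.`, added identically in code-error.html.tmpl and user-error.html.tmpl, no longer tells the user which characters are rejected, whereas the removed lines listed them. The validation that raises this error is outside this diff; if it now rejects non-ASCII characters in addition to the old special-character set (the subject's homoglyph rationale suggests so, but confirm against the check itself), the message should state that rule without reviving the full list, e.g. `It also must contain only printable ASCII characters and no whitespace.` The `[% ELSIF ... %]` branch this text belongs to starts before the hunk, so the message's title and opening sentence are not visible here.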
From: Frédéric Buclin
Date: Tue, 31 Jan 2012 17:01:20 +0100
Subject: (CVE-2012-0440) [SECURITY] JSON-RPC permits to bypass token checks and can lead to CSRF (no victim's action required) r=mkanat a=LpSolit
https://bugzilla.mozilla.org/show_bug.cgi?id=718319
---
 template/en/default/global/user-error.html.tmpl | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'template/en/default')
diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl
index dc0a94ac7..9e99dae15 100644
--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -1018,6 +1018,11 @@
 parameter. See the documentation at
 [%+ docs_urlbase FILTER html %]api/Bugzilla/WebService/Server/JSONRPC.html
 
+ [% ELSIF error == "json_rpc_illegal_content_type" %]
+ When using JSON-RPC over POST, you cannot send data as
+ [%+ content_type FILTER html %]. Only application/json and
+ application/json-rpc are allowed.
+
 [% ELSIF error == "json_rpc_invalid_params" %]
 Could not parse the 'params' argument as valid JSON.
 Error: [% err_msg FILTER html %]
-- cgit v1.2.3-24-g4f1b
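Review bot: The new `json_rpc_illegal_content_type` message promises that `application/json` and `application/json-rpc` are accepted, but says nothing about a `charset` parameter such as `application/json; charset=UTF-8`, which many JSON clients send by default. The check that raises this error is outside this diff; confirm whether it compares the media type alone or the whole header value, and make the text match it, e.g. `Only application/json and application/json-rpc (optionally with a charset parameter) are allowed.` if parameters are tolerated. Interpolating the rejected value through `FILTER html` is correct, since the Content-Type header is client-supplied text. Because the subject describes this restriction as a CSRF defence, a pointer to the JSON-RPC documentation via `docs_urlbase`, as the preceding message in the hunk already does, would help API users understand that the rejection is deliberate rather than a server bug.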