From af3e4c43b0ad6267669d2e987d6ae3acdde70253 Mon Sep 17 00:00:00 2001
From: Frédéric Buclin
Date: Wed, 18 Apr 2012 19:00:42 +0200
Subject: Bug 745397: (CVE-2012-0466) [SECURITY] The JS template for buglists permits attackers to access all bugs that the victim can see r=glob a=LpSolit
---
template/en/default/list/list.js.tmpl | 37 -----------------------------------
1 file changed, 37 deletions(-)
delete mode 100644 template/en/default/list/list.js.tmpl
(limited to 'template')
diff --git a/template/en/default/list/list.js.tmpl b/template/en/default/list/list.js.tmpl
deleted file mode 100644
index 7e9664c43..000000000
--- a/template/en/default/list/list.js.tmpl
+++ /dev/null
@@ -1,37 +0,0 @@
-[%# The contents of this file are subject to the Mozilla Public
- # License Version 1.1 (the "License"); you may not use this file
- # except in compliance with the License. You may obtain a copy of
- # the License at http://www.mozilla.org/MPL/
- #
- # Software distributed under the License is distributed on an "AS
- # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- # implied. See the License for the specific language governing
- # rights and limitations under the License.
- #
- # The Original Code is the Bugzilla Bug Tracking System.
- #
- # The Initial Developer of the Original Code is Netscape Communications
- # Corporation. Portions created by Netscape are
- # Copyright (C) 1998 Netscape Communications Corporation. All
- # Rights Reserved.
- #
- # Contributor(s): Gervase Markham
- #%]
-
-// Note: only publicly-accessible bugs (those not in any group) will be
-// listed when using this JavaScript format. This is to prevent malicious
-// sites stealing information about secure bugs.
-
-bugs = new Array;
-
-[% FOREACH bug = bugs %]
- bugs[[% bug.bug_id %]] = [
- [% FOREACH column = displaycolumns %]
- "[%- bug.$column FILTER js -%]"[% "," UNLESS loop.last %]
- [% END %]
- ];
-[% END %]
-
-if (window.buglistCallback) {
- buglistCallback(bugs);
-}
-- cgit v1.2.3-24-g4f1b