Happy BMO Push Day!

the following changes have been pushed to bugzilla.mozilla.org:

  • [1253483] MozReview.attachments() doesn’t create flags on new attachments
  • [1254542] Reflected XSS in comment-remo-form-payment.txt page
  • [1254675] bug_modal template fails to escape format parameter
  • [1254227] MozReview auth delegation allows sending out phishing mails via Bugzilla
  • [1253914] Cross domain referer leakage when resetting the user password
  • [1252578] CSRF and SELECT-only SQL execution attack against query_database.html

discuss these changes on mozilla.tools.bmo.


About dlawrence

Currently I work mostly on Bugzilla for the Mozilla Corporation and before that I worked for many years for Red Hat, Inc. I love playing with new technologies such as Linux, mobile devices, as well as constantly trying to improve my novice programming skills.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: