BMO/Recent Changes/2016-03

From MozillaWiki
Jump to: navigation, search


  • bug 1251236 Please show the diff on the attachment details page when a patch has been reviewed in MozReview
  • bug 1259266 Private attachments when viewing a bug are indistinguishable from any other attachment.
  • bug 1253718 CRM/Email request form


  • bug 1251442 Update VP list in Recruiting Product
  • bug 1256954 Multiple Selenium cases are failing after the commit of bug 1253914
  • bug 1252782 can't add a "See Also" to a Chromium bug on
  • bug 1258547 XSS through javascript: callback URLs in auth delegation


  • bug 1255272 Adding a flag via the MozReview batch-attachment API doesn't CC the user
  • bug 1229834 extend information we [audit] log to the syslog


  • bug 1253483 MozReview.attachments() doesn't create flags on new attachments
  • bug 1254542 Reflected XSS in comment-remo-form-payment.txt page
  • bug 1254675 bug_modal template fails to escape format parameter
  • bug 1254227 MozReview auth delegation allows sending out phishing mails via Bugzilla
  • bug 1253914 Cross domain referer leakage when resetting the user password
  • bug 1252578 CSRF and SELECT-only SQL execution attack against query_database.html



  • bug 1251047 /rest/bug/field takes 15-25 seconds to return
  • bug 1252219 Attachment bounty form is vulnerable to CSRF and persistent XSS
  • bug 1252216 Push extension configuration is vulnerable to CSRF
  • bug 1252210 AntiSpam configuration is vulnerable to CSRF and persistent XSS
  • bug 1252437 XSS vulnerability through malicious bug aliases