Bug 619588: (CVE-2010-4567) [SECURITY] Safety checks that disallow clicking for…
Bug 619588: (CVE-2010-4567) [SECURITY] Safety checks that disallow clicking for javascript: or data: URLs in the URL field can be evaded with prefixed whitespace
and
Bug 628034: (CVE-2011-0048) [SECURITY] For not-logged-in users, the URL field doesn't safeguard against javascript: or data: URLs
r=dkl a=LpSolit
Showing
Please
register
or
sign in
to comment