{"id":117,"date":"2014-08-26T21:01:11","date_gmt":"2014-08-26T21:01:11","guid":{"rendered":"http:\/\/devzing.com\/blog\/?p=117"},"modified":"2015-03-04T23:06:44","modified_gmt":"2015-03-04T23:06:44","slug":"bugzilla-accounts-upgraded-4-4-5","status":"publish","type":"post","link":"https:\/\/devzing.com\/blog\/index.php\/bugzilla-accounts-upgraded-4-4-5\/","title":{"rendered":"All Bugzilla Accounts Upgraded to 4.4.5"},"content":{"rendered":"<p>Bugzilla 4.4.5 is a security release which addresses the following issue:<\/p>\n<blockquote><p>Adobe does not properly restrict the SWF file format,\u00a0which allows remote attackers to conduct cross-site\u00a0request forgery (CSRF) attacks against Bugzilla&#8217;s JSONP\u00a0endpoint, possibly obtaining sensitive bug information,\u00a0via a crafted OBJECT element with SWF content satisfying\u00a0the character-set requirements of a callback API.<\/p><\/blockquote>\n<p>For more details see:\u00a0<a href=\"https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1036213\">https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1036213<\/a><\/p>\n<p>Interestingly this bug only seems to affect Firefox users.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Bugzilla 4.4.5 is a security release which addresses the following issue: Adobe does not properly restrict the SWF file format,\u00a0which allows remote attackers to conduct cross-site\u00a0request forgery (CSRF) attacks against Bugzilla&#8217;s JSONP\u00a0endpoint, possibly obtaining sensitive bug information,\u00a0via a crafted OBJECT element with SWF content satisfying\u00a0the character-set requirements of a callback API. For more details see:\u00a0https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1036213 &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/devzing.com\/blog\/index.php\/bugzilla-accounts-upgraded-4-4-5\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;All Bugzilla Accounts Upgraded to 4.4.5&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5,4],"tags":[],"class_list":["post-117","post","type-post","status-publish","format-standard","hentry","category-bugzilla","category-news","entry"],"_links":{"self":[{"href":"https:\/\/devzing.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/117","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devzing.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devzing.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devzing.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/devzing.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=117"}],"version-history":[{"count":1,"href":"https:\/\/devzing.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/117\/revisions"}],"predecessor-version":[{"id":118,"href":"https:\/\/devzing.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/117\/revisions\/118"}],"wp:attachment":[{"href":"https:\/\/devzing.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=117"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devzing.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=117"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devzing.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=117"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}