User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2267.0 Safari/537.36 Steps to reproduce: Hi, Csrf in login still possible if a user clicks on a link which is hosted in bugzilla mains domain then while doing the login the page will check the 'referer' header. Reproduce: 1. go to https://landfill.bugzilla.org/bugzilla-tip/show_bug.cgi?id=24457 while YOU ARE NOT LOGGED IN LANDFILL 2. after that, click in the link on the bug's title. 3. noticed that you're now logged in landfill. Cheers,
This is not a cross-site vulnerability as the link you click must belong to the same domain as Bugzilla itself. This isn't a security bug either as we explicitly whitelist local URLs: # Else falls back to the Referer header and accept local URLs.
(In reply to Mario Gomes from comment #2) > Updates? Updates on what exactly? Do you have a specific question? Generally speaking: Nothing has happened here yet, otherwise it would be written in this task. :)