I was able to perform a csrf vulnerability to log out a user. The logout proces should have a token to prevent this. Laurens,
Assignee: nobody → user-accounts
Component: General → User Accounts
OS: Windows 7 → All
Product: bugzilla.mozilla.org → Bugzilla
QA Contact: general → default-qa
Hardware: x86_64 → All
Version: Production → 4.2.1
I really don't want a token to log out a user. This process must remain simple. You cannot do any harm anyway. This may be annoying if someone abuses this, but harmless.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.