FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

bugzilla -- Social Engineering

Affected packages
2.0.0 <= bugzilla40 < 4.0.12
4.1.1 <= bugzilla42 < 4.2.8
4.4.0 <= bugzilla44 < 4.4.3

Details

VuXML ID 60bfa396-c702-11e3-848c-20cf30e32f6d
Discovery 2014-04-17
Entry 2014-04-18
Modified 2014-04-18

A Bugzilla Security Advisory reports:

Dangerous control characters can be inserted into Bugzilla, notably into bug comments. If the text, which may look safe, is copied into a terminal such as xterm or gnome-terminal, then unexpected commands could be executed on the local machine.
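A defender-side check for the problem the advisory describes, as an added example that is not part of the advisory and is not Bugzilla's own fix: it flags control characters in comment text and renders them as visible glyphs so they cannot reach a terminal unnoticed. The function names, the allow-list (tab, newline, CRLF line endings) and the sample comment are assumptions constructed for illustration.

```python
import unicodedata

# Assumption: tab and newline are the only control characters a bug
# comment legitimately needs; "\r" is tolerated only as part of "\r\n".
ALLOWED = ("\n", "\t")


def _is_dangerous(text, i):
    """True if text[i] is a control character outside the allow-list."""
    ch = text[i]
    if ch in ALLOWED:
        return False
    if ch == "\r" and text[i + 1:i + 2] == "\n":
        return False  # CRLF line ending, not a bare carriage return
    # Category Cc covers C0 (U+0000-U+001F), DEL (U+007F) and C1 (U+0080-U+009F).
    return unicodedata.category(ch) == "Cc"


def find_control_chars(text):
    """Return [(offset, 'U+XXXX'), ...] for every dangerous character."""
    return [(i, f"U+{ord(text[i]):04X}")
            for i in range(len(text)) if _is_dangerous(text, i)]


def make_visible(text):
    """Replace dangerous characters with printable stand-ins."""
    out = []
    for i, ch in enumerate(text):
        if not _is_dangerous(text, i):
            out.append(ch)
        elif ord(ch) < 0x20:
            out.append(chr(0x2400 + ord(ch)))  # Unicode Control Pictures block
        elif ord(ch) == 0x7F:
            out.append("\u2421")               # SYMBOL FOR DELETE
        else:
            out.append(f"<U+{ord(ch):04X}>")   # C1 controls have no picture glyph
    return "".join(out)


# Constructed sample comment: ESC sequence, bare CR, a CRLF line ending,
# DEL and a C1 control (U+0085).
SAMPLE = "see log\x1b[2K\rnext\r\nlast\x7f\x85"

if __name__ == "__main__":
    for offset, codepoint in find_control_chars(SAMPLE):
        print(f"offset {offset}: {codepoint}")
    print(make_visible(SAMPLE))
```
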

References

URL https://bugzilla.mozilla.org/show_bug.cgi?id=968576