A Bugzilla Security Advisory reports:
The following security issues have been discovered in Bugzilla:
- Internet Explorer 8 and older, and Safari before 5.0.6 do content sniffing when viewing a patch in "Raw Unified" mode, which could trigger a cross-site scripting attack due to the execution of malicious code in the attachment.
- It is possible to determine whether or not certain group names exist while creating or updating bugs.
- Attachment descriptions with a newline in them could lead to the injection of crafted headers in email notifications sent to the requestee or the requester when editing an attachment flag.
- If an attacker has access to a user's session, he can modify that user's email address without that user being notified of the change.
- Temporary files for uploaded attachments are not deleted on Windows, which could let a user with local access to the server read them.
- Up to Bugzilla 3.4.11, if a BUGLIST cookie is compromised, it can be used to inject HTML code when viewing a bug report, leading to a cross-site scripting attack.
All affected installations are encouraged to upgrade as soon as possible.
Disclaimer: The data contained on this page is derived from the VuXML document, please refer to the the original document for copyright information. The author of portaudit makes no claim of authorship or ownership of any of the information contained herein.
If you have found a vulnerability in a FreeBSD port not listed in the database, please contact the FreeBSD Security Team. Refer to "FreeBSD Security Information" for more information.