Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-201-2979 CVE-2010-4567 CVE-2010-4568 CVE-2010-4572 CVE-2011-0046
                 CVE-2011-0048 CVE-2011-2379 CVE-2011-2380 CVE-2011-2381 CVE-2011-2978

Several vulnerabilities were discovered in Bugzilla, a web-based bug tracking system.
CVE-2010-4572
By inserting particular strings into certain URLs, it was possible to inject both headers and content to any browser.
CVE-2010-4567, CVE-2011-0048
Bugzilla has a "URL" field that can contain several types of URL, including "javascript:" and "data:" URLs. However, it does not make "javascript:" and "data:" URLs into clickable links, to protect against cross-site scripting attacks or other attacks. It was possible to bypass this protection by adding spaces into the URL in places that Bugzilla did not expect them. Also, "javascript:" and "data:" links were always shown as clickable to logged-out users.
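
The following is an added example, not Bugzilla's code (Bugzilla is written in Perl) and not part of the advisory. It shows why a block-list test on the raw "URL" field value is defeated by added spaces, next to an allow-list test applied after normalising the value the way a browser does, with the same decision for logged-in and logged-out viewers. The function names, the SAFE_SCHEMES list and the sample values are assumptions made for this example.

```python
import re
from html import escape

# Assumption: schemes a tracker is willing to render as links (not Bugzilla's list).
SAFE_SCHEMES = {"http", "https", "ftp", "mailto"}

# Browsers discard C0 controls and spaces at either end of a URL, and
# tab/LF/CR anywhere inside it, before looking at the scheme.
_EDGE = "".join(chr(c) for c in range(0x21))
_INNER = str.maketrans("", "", "\t\n\r")
_SCHEME = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")


def normalise(url):
    """Reduce the stored value to what the browser will actually parse."""
    return url.strip(_EDGE).translate(_INNER)


def naive_is_linkable(url):
    """Block-list on the raw string: the kind of check that extra spaces defeat."""
    return not url.lower().startswith(("javascript:", "data:"))


def is_linkable(url):
    """Allow-list on the scheme of the normalised value."""
    match = _SCHEME.match(normalise(url))
    if match is None:
        return False  # no scheme: show as plain text rather than guess
    return match.group(1).lower() in SAFE_SCHEMES


def render_url_field(url):
    """HTML for the field. The decision never depends on who is viewing."""
    text = escape(url, quote=True)
    if is_linkable(url):
        return '<a href="%s">%s</a>' % (escape(normalise(url), quote=True), text)
    return text


if __name__ == "__main__":
    # Constructed sample values, not taken from the advisory.
    for sample in ["https://example.org/bug", " javascript:void(0)",
                   "data:text/plain,hello", "JavaScript:void(0)"]:
        print(repr(sample), naive_is_linkable(sample), is_linkable(sample))
```
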
CVE-2010-4568
It was possible for a user to gain unauthorized access to any Bugzilla account in a very short amount of time (short enough that the attack is highly effective).
CVE-2011-0046
Various pages were vulnerable to Cross-Site Request Forgery attacks. Most of these issues are not as serious as previous CSRF vulnerabilities.
CVE-2011-2978
When a user changes his email address, Bugzilla trusts a user-modifiable field for obtaining the current e-mail address to send a confirmation message to. If an attacker has access to the session of another user (for example, if that user left their browser window open in a public place), the attacker could alter this field to cause the email-change notification to go to their own address. This means that the user would not be notified that his account had its email address changed by the attacker.
CVE-2011-2381
For flagmails only,...
3.6.2.0-4.4