CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS
Percentile: 93.9%

A Bugzilla Security Advisory reports:
This advisory covers three security issues that have recently been fixed in the Bugzilla code:

- A weakness in Bugzilla could allow a user to gain unauthorized access to another Bugzilla account.
- A weakness in the Perl CGI.pm module allows injecting HTTP headers and content to users via several pages in Bugzilla.
- If you put a harmful “javascript:” or “data:” URL into Bugzilla’s “URL” field, then there are multiple situations in which Bugzilla will unintentionally make that link clickable.
- Various pages lack protection against cross-site request forgeries.

All affected installations are encouraged to upgrade as soon as possible.

bugzilla.mozilla.org/show_bug.cgi?id=591165
bugzilla.mozilla.org/show_bug.cgi?id=619588
bugzilla.mozilla.org/show_bug.cgi?id=619594
bugzilla.mozilla.org/show_bug.cgi?id=621090
bugzilla.mozilla.org/show_bug.cgi?id=621105
bugzilla.mozilla.org/show_bug.cgi?id=621107
bugzilla.mozilla.org/show_bug.cgi?id=621108
bugzilla.mozilla.org/show_bug.cgi?id=621109
bugzilla.mozilla.org/show_bug.cgi?id=621110
bugzilla.mozilla.org/show_bug.cgi?id=621572
bugzilla.mozilla.org/show_bug.cgi?id=621591
bugzilla.mozilla.org/show_bug.cgi?id=628034