Vulnerabilities closed in Bugzilla
A total of six vulnerabilities had been found in the popular Bugzilla bug tracking system. They could have allowed attackers to gain access to information or conduct cross-site scripting attacks. Administrators might also have been tricked into unintentionally deleting or modifying entries in the database by clicking on manipulated links. The names of files and the deadline for entries could also be viewed.
The developers urgently recommend upgrading to the new versions 2.18.6, 2.20.3 or 2.22.1. Developer versions through 2.23.2 are also vulnerable. However, the error is fixed starting with version 2.23.2.
- 2.18.5, 2.20.2, 2.22, and 2.23.2 Security Advisory, Advisory from Bugzilla