Multiple Mozilla Bugzilla Vulnerabilities
References:
2.16.5, 2.17.7 Security Advisory (Mozilla)
Browser hangs while performing editusers.cgi - updated users page is shown incom (Felix Hieronymi)
duplicates.cgi reveals products user doesnt have access to (Gabriel Millerd)
editusers 'query' parameter should be removed (byron jones (glob))
If database is stopped, error message divulges DB password (Joel Peshkin)
Password exposed in URL to chart image if login required to access a chart (Dave Miller)
product field on edit-multiple includes products the user doesn't have access to (Laran Evans)
Url-parameter XSS vulnerability in edit*.cgi (Jouni Heikniemi)
[BUGZILLA] Multiple vulnerabilities in Bugzilla 2.16.5 and 2.17.7 (David Miller)
Copyright 2010, SecurityFocus