Mozilla Bugzilla HTML Injection and Information Disclosure Vulnerabilities
Bugzilla is prone to an information-disclosure vulnerability and an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input and to protect sensitive information from unauthorized users. Attackers may exploit these issues to execute script code in the context of the affected site or to obtain sensitive information. Script execution in that context may allow attackers to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. Bugzilla 2.20.1 and above are affected by the HTML-injection vulnerability; only the development snapshot version 2.23.3 is vulnerable to the information-disclosure issue.