• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

BugZilla UserPrefs.CGI Groupset Form Element Manipulation Vulnerability

Bugzilla is the bug tracking software package by the Mozilla project. It can be configured to run on Microsoft Windows and various Unix/Linux platforms.

It is possible for a user to change their groupset. The attacker may manipulate form elements to supply their own value for the 'mybugslink' variable in the userprefs form.

This issue may allow a malicious user to view bug information in other groups.