Mozilla Bugzilla Multiple Input Validation and Information disclosure Vulnerabilities

Mozilla Bugzilla Multiple Input Validation and Information disclosure Vulnerabilities

Bugzilla is affected by multiple input-validation and information-disclosure vulnerabilities because the application fails to properly sanitize user-supplied input and to protect sensitive information from unauthorized users.

An attacker can leverage these issues to access attachment and deadline information that are marked private or are otherwise protected and to conduct cross-site scripting and HTML-injection attacks. Exploiting these input-validation issues may allow attackers to steal cookie-based authentication credentials and to launch other attacks.

Versions 2.18.5, 2.20.2, 2.22, and 2.23.2 are affected by these vulnerabilities.