BugZilla DoEditVotes.CGI Login Error Information Leak Vulnerability

BugZilla DoEditVotes.CGI Login Error Information Leak Vulnerability

Bugzilla is the bug tracking software package by the Mozilla project. It can be configured to run on Microsoft Windows and various Unix/Linux platforms.

Sensitive information is disclosed to the user when a bad login to doeditvotes.cgi occurs, which may be potentially used for malicious purposes.

Disclosed information may be used to aid in an attempt to steal cookie-based authentication credentials.