BugZilla BugList.CGI SQL Query Manipulation Vulnerability

BugZilla BugList.CGI SQL Query Manipulation Vulnerability

Solution:
This issue has been addressed by the vendor is versions 2.14.1 and later. Users are advised to upgrade to the most recent version.

It should also be noted that users who are running version 2.15 checked out of
cvs prior to 15 December 2001 are strongly recommended to use 'cvs update' to obtain the current cvs code.

Mozilla Bugzilla 2.10

Mozilla bugzilla-LATEST.tar.gz
http://ftp.mozilla.org/pub/webtools/bugzilla-LATEST.tar.gz

Mozilla Bugzilla 2.12

Mozilla bugzilla-LATEST.tar.gz
http://ftp.mozilla.org/pub/webtools/bugzilla-LATEST.tar.gz

Mozilla Bugzilla 2.14

Mozilla bugzilla-LATEST.tar.gz
http://ftp.mozilla.org/pub/webtools/bugzilla-LATEST.tar.gz

Mozilla Bugzilla 2.4

Mozilla bugzilla-LATEST.tar.gz
http://ftp.mozilla.org/pub/webtools/bugzilla-LATEST.tar.gz

Mozilla Bugzilla 2.6

Mozilla bugzilla-LATEST.tar.gz
http://ftp.mozilla.org/pub/webtools/bugzilla-LATEST.tar.gz

Mozilla Bugzilla 2.8

Mozilla bugzilla-LATEST.tar.gz
http://ftp.mozilla.org/pub/webtools/bugzilla-LATEST.tar.gz