A Bugzilla Security Advisory reports:
- Sometimes the information put into the <h1> and
<h2> tags in Bugzilla was not properly escaped,
leading to a possible XSS vulnerability.
- Bugzilla administrators were allowed to put raw,
unfiltered HTML into many fields in Bugzilla, leading to
a possible XSS vulnerability. Now, the HTML allowed in
those fields is limited.
- attachment.cgi could leak the names of private
attachments.
- The "deadline" field was visible in the XML format of
a bug, even to users who were not a member of the
"timetrackinggroup."
- A malicious user could pass a URL to an admin, and
make the admin delete or change something that he had
not intended to delete or change.
- It is possible to inject arbitrary HTML into the
showdependencygraph.cgi page, allowing for a cross-site
scripting attack.
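The first two items describe two distinct fixes: untrusted text placed inside heading tags must be HTML-escaped, and fields where administrators may enter markup must be restricted to an allowlist of tags. The following is an added illustration of both defences and is not Bugzilla's own code; the tag allowlist and function names are assumptions made for the example.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allowlist for admin-editable fields: simple formatting only,
# no scripts, no event-handler attributes, no links.
ALLOWED_TAGS = {"b", "i", "em", "strong", "p", "br"}


def render_heading(level: int, text: str) -> str:
    """Fix for item 1: untrusted text inside <h1>/<h2> is always escaped."""
    return f"<h{level}>{escape(text, quote=True)}</h{level}>"


class AllowlistSanitizer(HTMLParser):
    """Fix for item 2: keep only allowlisted tags, drop every attribute,
    and re-escape all text so no raw markup survives."""

    def __init__(self) -> None:
        super().__init__(convert_charrefs=True)
        self.out: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag in ALLOWED_TAGS:          # attributes are dropped entirely
            self.out.append(f"<{tag}>")

    def handle_startendtag(self, tag, attrs):
        if tag in ALLOWED_TAGS:          # e.g. <br/>
            self.out.append(f"<{tag}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        # convert_charrefs decoded entities; escaping here keeps text as text
        self.out.append(escape(data, quote=True))

    def handle_comment(self, data):
        pass                              # comments are dropped


def sanitize_admin_field(raw_html: str) -> str:
    parser = AllowlistSanitizer()
    parser.feed(raw_html)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    # Constructed sample input, not taken from the advisory.
    print(render_heading(1, "<script>alert(1)</script>"))
    print(sanitize_admin_field('<b onclick="x()">hi</b><script>alert(1)</script>'))
```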