FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

bugzilla -- multiple vulnerabilities

Affected packages
4.0.0 <= bugzilla < 4.0.11
4.2.0 <= bugzilla < 4.2.7
4.4 <= bugzilla < 4.4.1
4.0.0 <= bugzilla40 < 4.0.11
4.2.0 <= bugzilla40 < 4.2.7
4.4 <= bugzilla40 < 4.4.1
4.0.0 <= bugzilla42 < 4.0.11
4.2.0 <= bugzilla42 < 4.2.7
4.4 <= bugzilla42 < 4.4.1
4.0.0 <= bugzilla44 < 4.0.11
4.2.0 <= bugzilla44 < 4.2.7
4.4 <= bugzilla44 < 4.4.1

Details

VuXML ID e135f0c9-375f-11e3-80b7-20cf30e32f6d
Discovery 2013-10-16
Entry 2013-10-17

A Bugzilla Security Advisory reports:

Cross-Site Request Forgery

When a user submits changes to a bug right after another user did, a midair collision page is displayed to inform the user about changes recently made. This page contains a token which can be used to validate the changes if the user decides to submit his changes anyway. A regression in Bugzilla 4.4 caused this token to be recreated if a crafted URL was given, even when no midair collision page was going to be displayed, allowing an attacker to bypass the token check and abuse a user to commit changes on his behalf.

Cross-Site Request Forgery

When an attachment is edited, a token is generated to validate changes made by the user. Using a crafted URL, an attacker could force the token to be recreated, allowing him to bypass the token check and abuse a user to commit changes on his behalf.

Cross-Site Scripting

Some parameters passed to editflagtypes.cgi were not correctly filtered in the HTML page, which could lead to XSS.

Cross-Site Scripting

Due to an incomplete fix for CVE-2012-4189, some incorrectly filtered field values in tabular reports could lead to XSS.

References

CVE Name CVE-2013-1733
CVE Name CVE-2013-1734
CVE Name CVE-2013-1742
CVE Name CVE-2013-1743
URL https://bugzilla.mozilla.org/show_bug.cgi?id=911593
URL https://bugzilla.mozilla.org/show_bug.cgi?id=913904
URL https://bugzilla.mozilla.org/show_bug.cgi?id=924802
URL https://bugzilla.mozilla.org/show_bug.cgi?id=924932