Max Kanat-Alexander

**Name of the Vulnerable Software and Affected Versions** Opera (affected versions not specified) **Description** The issue is related to Opera's inability to properly restrict modifications to cookies established in HTTPS sessions. This allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response. The problem is connected to the lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, which is described as a "cookie forcing" issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apple Safari (affected versions not specified) **Description** The issue is related to Apple Safari's inability to properly restrict modifications to cookies established in HTTPS sessions. This allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response. The problem is connected to the lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, which is described as a "cookie forcing" issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bugzilla versions 2.16rc1 through 2.22.7 Bugzilla versions 3.0.x through 3.3.x Bugzilla versions 3.4.x before 3.4.12 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via vectors involving a `BUGLIST` cookie. This can lead to the execution of malicious scripts on the victim's browser. **Recommendations** For versions 2.16rc1 through 2.22.7, update to a version outside of this range to resolve the issue. For versions 3.0.x through 3.3.x, update to version 3.4.12 or later to resolve the issue. For versions 3.4.x before 3.4.12, update to version 3.4.12 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Bugzilla versions 2.14 through 2.22.7 Bugzilla versions 3.0.x through 3.2.x before 3.2.10 Bugzilla versions 3.4.x before 3.4.10 Bugzilla versions 3.6.x before 3.6.4 Bugzilla versions 4.0.x before 4.0rc2 **Description** The issue is related to the insufficient generation of random values for cookies and tokens, allowing remote attackers to obtain access to arbitrary accounts. This is due to an insufficient number of calls to the `srand` function. **Recommendations** For versions 2.14 through 2.22.7, update to a version after 2.22.7 to resolve the issue. For versions 3.0.x through 3.2.x before 3.2.10, update to version 3.2.10 or later. For versions 3.4.x before 3.4.10, update to version 3.4.10 or later. For versions 3.6.x before 3.6.4, update to version 3.6.4 or later. For versions 4.0.x before 4.0rc2, update to version 4.0rc2 or later.

**Name of the Vulnerable Software and Affected Versions** Bugzilla versions 3.5.1 through 3.6.1 Bugzilla versions 3.7 through 3.7.1 **Description** The issue allows local users to obtain potentially sensitive data by reading files in certain directories. This occurs when the use suexec option is enabled. The affected directories include .bzr and data/webdot, which have world-readable permissions. **Recommendations** For Bugzilla versions 3.5.1 through 3.6.1, consider changing the permissions of the .bzr and data/webdot directories to prevent world-readable access. For Bugzilla versions 3.7 through 3.7.1, consider changing the permissions of the .bzr and data/webdot directories to prevent world-readable access.

Name of the Vulnerable Software and Affected Versions: Bugzilla versions 3.4rc1 through 3.4.1 Description: The issue allows context-dependent attackers to discover passwords by reading web-server access logs, web-server Referer logs, or the browser history. This occurs when the `token.cgi` script places a password in a URL at the beginning of a login session that happens immediately after a password reset. Recommendations: For Bugzilla versions 3.4rc1 through 3.4.1, consider updating to a version where this issue is resolved to prevent password exposure through log files or browser history.

Name of the Vulnerable Software and Affected Versions: Bugzilla versions 3.3.2 through 3.4.1 Bugzilla version 3.5 Description: A SQL injection issue exists in the Bug.search WebService function, allowing remote attackers to execute arbitrary SQL commands via unspecified parameters. Recommendations: For Bugzilla versions 3.3.2 through 3.4.1, update to a version that fixes this issue. For Bugzilla version 3.5, update to a version that fixes this issue. As a temporary workaround, consider restricting access to the Bug.search WebService function until a patch is available.

Name of the Vulnerable Software and Affected Versions: Bugzilla versions 2.23.4 through 3.0.8 Bugzilla versions 3.1.1 through 3.2.4 Bugzilla versions 3.3.1 through 3.4.1 Description: The issue allows remote attackers to execute arbitrary SQL commands via unspecified parameters in the Bug.create WebService function. Recommendations: For versions 2.23.4 through 3.0.8, update to a version outside of this range to mitigate the risk. For versions 3.1.1 through 3.2.4, update to a version outside of this range to mitigate the risk. For versions 3.3.1 through 3.4.1, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to the Bug.create WebService function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Bugzilla versions 2.x through 2.22.6 Bugzilla versions 3.0 through 3.0.6 Bugzilla versions 3.2 through 3.2.0 Bugzilla versions 3.3 through 3.3.1 **Description** The issue allows remote authenticated users to conduct cross-site scripting (XSS) and related attacks. This is achieved by uploading HTML and JavaScript attachments that are rendered by web browsers. **Recommendations** For Bugzilla versions 2.x through 2.22.6, update to version 2.22.7 or later. For Bugzilla versions 3.0 through 3.0.6, update to version 3.0.7 or later. For Bugzilla versions 3.2 through 3.2.0, update to version 3.2.1 or later. For Bugzilla versions 3.3 through 3.3.1, update to version 3.3.2 or later.

**Name of the Vulnerable Software and Affected Versions** Bugzilla versions 3.0.7, 3.2.1, 3.3.2 **Description** The issue allows remote attackers to bypass cross-site request forgery protection mechanisms and conduct unauthorized activities as other users due to insufficiently random numbers generated for random tokens. This occurs when Bugzilla is running under mod perl and calls the srand function at startup time, causing Apache children to have the same seed. **Recommendations** For versions 3.0.7, 3.2.1, and 3.3.2, consider reseeding the random number generator for each Apache child process to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bugzilla versions prior to 3.2.1 Bugzilla versions 3.3 before 3.3.2 **Description** A cross-site request forgery issue allows remote attackers to perform actions as other users by tricking them into clicking a link or accessing an image that points to the /process bug.cgi API endpoint. This could lead to unauthorized bug updating activities. **Recommendations** For Bugzilla versions prior to 3.2.1, update to version 3.2.1 or later to resolve the issue. For Bugzilla versions 3.3 before 3.3.2, update to version 3.3.2 or later to resolve the issue.