PT-2011-2044 · Mozilla · Bugzilla
Michael Brooks +1 · Published 2011-01-28 · Updated 2017-08-17 · CVE-2011-0048
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Bugzilla versions 3.2.x through 3.2.9
Bugzilla versions 3.4.x through 3.4.9
Bugzilla versions 3.6.x through 3.6.3
Bugzilla versions 4.0.x through 4.0rc1
Description
The issue allows remote attackers to conduct cross-site scripting (XSS) attacks against logged-out users via a crafted URI, specifically by creating a clickable link for a javascript: or data: URI in the URL field.
Recommendations
For Bugzilla versions 3.2.x through 3.2.9, update to version 3.2.10 or later.
For Bugzilla versions 3.4.x through 3.4.9, update to version 3.4.10 or later.
For Bugzilla versions 3.6.x through 3.6.3, update to version 3.6.4 or later.
For Bugzilla versions 4.0.x through 4.0rc1, update to version 4.0rc2 or later.
Fix
XSS
Affected Products
Bugzilla