CVE-2011-2379

Name of the Vulnerable Software and Affected Versions Bugzilla versions 2.4 through 2.22.7 Bugzilla versions 3.0.x through 3.3.x Bugzilla versions 3.4.x before 3.4.12 Bugzilla versions 3.5.x Bugzilla versions 3.6.x before 3.6.6 Bugzilla versions 3.7.x Bugzilla versions 4.0.x before 4.0.2 Bugzilla versions 4.1.x before 4.1.3

Description A cross-site scripting (XSS) issue exists when using Internet Explorer before 9 or Safari before 5.0.6 in Raw Unified mode, allowing remote attackers to inject arbitrary web script or HTML via a crafted patch, related to content sniffing.

Recommendations For Bugzilla versions 2.4 through 2.22.7, update to a version outside of this range to resolve the issue. For Bugzilla versions 3.0.x through 3.3.x, update to a version outside of this range to resolve the issue. For Bugzilla versions 3.4.x before 3.4.12, update to version 3.4.12 or later to resolve the issue. For Bugzilla versions 3.5.x, update to a version outside of this range to resolve the issue. For Bugzilla versions 3.6.x before 3.6.6, update to version 3.6.6 or later to resolve the issue. For Bugzilla versions 3.7.x, update to a version outside of this range to resolve the issue. For Bugzilla versions 4.0.x before 4.0.2, update to version 4.0.2 or later to resolve the issue. For Bugzilla versions 4.1.x before 4.1.3, update to version 4.1.3 or later to resolve the issue.