Template.pm in Bugzilla 3.3.2 up to and including 3.4.3 and 3.5 up to and including 3.5.1 allows remote malicious users to discover the alias of a private bug by reading the (1) Depends On or (2) Blocks field of a related bug.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla bugzilla 3.4 |
||
mozilla bugzilla 3.4.2 |
||
mozilla bugzilla 3.3.2 |
||
mozilla bugzilla 3.5 |
||
mozilla bugzilla 3.4.1 |
||
mozilla bugzilla 3.4.3 |
||
mozilla bugzilla 3.3.3 |
||
mozilla bugzilla 3.3.4 |
||
mozilla bugzilla 3.5.1 |