Linux Today: Linux News On Internet Time.

Bugzilla Bug Squashed

Dec 31, 2002, 17:30
(Other stories by Ryan Naraine)

"A potentially-dangerous security bug has been detected in Bugzilla, a popular open-source bug-tracking software run by the Mozilla Foundation.

"Researchers warned of the cross-site scripting vulnerability within Bugzilla that lets a remote attacker create a malicious link containing script code which could be executed in the browser of a legitimate user, in the context of the Web site running Bugzilla.

"Because Bugzilla does not properly sanitize any input submitted by users, malicious script could be embedded and may be exploited to steal cookie-based authentication credentials from legitimate users of the Web site running the vulnerable software..."


Related Story:
Debian GNU/Linux Advisory: bugzilla (Dec 30, 2002)