Linux Today: Linux News On Internet Time.

Bugzilla Bug Squashed

Dec 31, 2002, 17:30
(Other stories by Ryan Naraine)

"A potentially-dangerous security bug has been detected in Bugzilla, a popular open-source bug-tracking software run by the Mozilla Foundation.

"Researchers warned of the cross site scripting vulnerability within Bugzilla that lets a remote attacker create a malicious link containing script code which could be executed in the browser of a legitimate user, in the context of the Web site running Bugzilla.

"Because Bugzilla does not properly sanitize any input submitted by users, malicious script could be embedded and may be exploited to steal cookie-based authentication credentials from legitimate users of the Web site running the vulnerable software..."

Related Story:
Debian GNU/Linux Advisory: bugzilla (Dec 30, 2002)