First published: Tue Feb 28 2006(Updated: )
Bugzilla 2.19.3 through 2.20 does not properly handle "//" sequences in URLs when redirecting a user from the login form, which could cause it to generate a partial URL in a form action that causes the user's browser to send the form data to another domain.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mozilla Bugzilla | =2.19.3 | |
Mozilla Bugzilla | =2.20-rc2 | |
Mozilla Bugzilla | =2.20-rc1 | |
Mozilla Bugzilla | =2.20 | |
Mozilla Bugzilla | =2.21.2 | |
Mozilla Bugzilla | =2.21.1 | |
Mozilla Bugzilla | =2.21 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.