First published: Fri Nov 16 2012
Bugzilla is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Flash component infrastructure in YUI script. A remote attacker could exploit this vulnerability using attack vectors related to swfstore.swf to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mozilla Bugzilla | =3.7 | |
Mozilla Bugzilla | =3.7.1 | |
Mozilla Bugzilla | =3.7.2 | |
Mozilla Bugzilla | =3.7.3 | |
Mozilla Bugzilla | =4.0 | |
Mozilla Bugzilla | =4.0-rc1 | |
Mozilla Bugzilla | =4.0-rc2 | |
Mozilla Bugzilla | =4.0.1 | |
Mozilla Bugzilla | =4.0.2 | |
Mozilla Bugzilla | =4.0.3 | |
Mozilla Bugzilla | =4.0.4 | |
Mozilla Bugzilla | =4.0.5 | |
Mozilla Bugzilla | =4.0.6 | |
Mozilla Bugzilla | =4.0.7 | |
Mozilla Bugzilla | =4.0.8 | |
Mozilla Bugzilla | =4.1 | |
Mozilla Bugzilla | =4.1.1 | |
Mozilla Bugzilla | =4.1.2 | |
Mozilla Bugzilla | =4.1.3 | |
Mozilla Bugzilla | =4.2 | |
Mozilla Bugzilla | =4.2-rc1 | |
Mozilla Bugzilla | =4.2-rc2 | |
Mozilla Bugzilla | =4.2.1 | |
Mozilla Bugzilla | =4.2.2 | |
Mozilla Bugzilla | =4.2.3 | |
Mozilla Bugzilla | =4.3 | |
Mozilla Bugzilla | =4.3.1 | |
Mozilla Bugzilla | =4.3.2 | |
Mozilla Bugzilla | =4.3.3 | |
Yahoo Yui | =2.8.0 | |
Yahoo Yui | =2.8.1 | |
Yahoo Yui | =2.8.1-pr1 | |
Yahoo Yui | =2.8.2 | |
Yahoo Yui | =2.9.0 | |
Yahoo Yui | =2.9.0-pr2 | |
Yahoo Yui | =2.9.0-pr4 | |
<=10.0.0 |
CVE-2012-5883 is a cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI versions 2.8.0 through 2.9.0 and Bugzilla versions 3.7 through 4.3.3.
The CVE-2012-5883 vulnerability allows a remote attacker to execute malicious scripts in a victim's web browser by exploiting the improper validation of user-supplied input by the Flash component infrastructure in YUI and Bugzilla.
CVE-2012-5883 affects YUI versions 2.8.0 through 2.9.0 and Bugzilla versions 3.7 through 4.3.3.
CVE-2012-5883 has a severity rating of 4.3 (Medium).
To fix the CVE-2012-5883 vulnerability, it is recommended to update YUI to a version higher than 2.9.0 and Bugzilla to a version higher than 4.3.3.