Bugzilla Security Advisory

Command Injection

Some code in Bugzilla does not properly utilize 3 arguments form for open() and it is possible for an account with editcomponents permissions to inject commands into product names and other attributes.

Information Leak

Using the WebServices API, a user can possibly execute imported functions from other non-WebService modules. A whitelist has now been added that lists explicit methods that can be executed via the API.

< 4.4.7

A Bugzilla Security Advisory reports:

Dangerous control characters can be inserted into Bugzilla, notably into bug comments. If the text, which may look safe, is copied into a terminal such as xterm or gnome-terminal, then unexpected commands could be executed on the local machine.

ge 2.0.0 lt 4.0.12

ge 4.1.1 lt 4.2.8

ge 4.4.0 lt 4.4.3

Bugzilla Security Advisory

A specially crafted bug summary could trigger XSS in dependency graphs. Due to an incorrect parsing of the image map generated by the dot script, a specially crafted bug summary could trigger XSS in dependency graphs.

< 4.4.12

< 5.0.3

Bugzilla Security Advisory

During the generation of a dependency graph, the code for the HTML image map is generated locally if a local dot installation is used. With escaped HTML characters in a bug summary, it is possible to inject unfiltered HTML code in the map file which the CreateImagemap function generates. This could be used for a cross-site scripting attack.

If an external HTML page contains a