BugZilla Process_Bug.CGI Comment...

Published: 2001-11-05
Revised: 2025-04-13

Bugzilla is the bug-tracking software package from the Mozilla project. It can be configured to run on Microsoft Windows and various Unix/Linux platforms. A vulnerability exists in Bugzilla that may allow a user to add bug comments as any other user. When a bug comment is added, the process_bug.cgi script checks only that a user exists, not that the user adding the comment is the one currently logged in. This may be exploited by saving the add-comment form locally, changing the value of the appropriate form element, and then submitting the altered form.
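The flawed check and a corrected one, modelled side by side as an added example (this is not Bugzilla source code). The form field name "who", the handler names and the account data are hypothetical and constructed for illustration.

```python
# Added illustration; not Bugzilla code. Field name "who" and all data are hypothetical.
from dataclasses import dataclass, field

USERS = {"alice@example.com", "bob@example.com"}  # constructed account list


@dataclass
class Bug:
    comments: list = field(default_factory=list)  # (author, text) pairs


class Forbidden(Exception):
    pass


def add_comment_vulnerable(bug, session_user, form):
    """Flawed check described above: the named author only has to exist."""
    author = form["who"]  # client-controlled form element
    if author not in USERS:
        raise Forbidden("unknown user")
    bug.comments.append((author, form["comment"]))
    return author


def add_comment_fixed(bug, session_user, form):
    """Author is taken from the authenticated session, never from the form."""
    if session_user not in USERS:
        raise Forbidden("not logged in")
    claimed = form.get("who")
    if claimed is not None and claimed != session_user:
        # Reject the mismatch; the message keeps both identities for review.
        raise Forbidden(f"author mismatch: session={session_user} form={claimed}")
    bug.comments.append((session_user, form["comment"]))
    return session_user


def demo():
    # Constructed request: bob is logged in, the form names alice as author.
    form = {"who": "alice@example.com", "comment": "looks fine, closing"}
    b1, b2 = Bug(), Bug()
    recorded = add_comment_vulnerable(b1, "bob@example.com", form)
    try:
        add_comment_fixed(b2, "bob@example.com", form)
        rejected = False
    except Forbidden:
        rejected = True
    return recorded, rejected, b2.comments


if __name__ == "__main__":
    print(demo())
```

A rejected mismatch between the session identity and the form-supplied author is also a useful audit event, since an unmodified form never produces one.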

No exploit or PoC is currently available.
There are currently 0 affected-product entries.