VULHUB ™

Bugzilla is the bug tracking software package by the Mozilla project. A problem in Bugzilla has been discovered that allows remote users to gain access to restricted bug information. Upon viewing a restricted bug, the user may save the show_bug.cgi page, and monitor the hidden form fields to the following: <INPUT TYPE=HIDDEN NAME="delta_ts" VALUE="19950000000000"> <INPUT TYPE=HIDDEN NAME="longdesclength" VALUE="0"> <INPUT TYPE=HIDDEN NAME="id" VALUE=bugid> Loading this modified page, and clicking commit yields the comments.

Bugzilla is the bug tracking software package by the Mozilla project. A problem in Bugzilla has been discovered that allows remote users to gain access to restricted bug information. Upon viewing a restricted bug, the user may save the show_bug.cgi page, and monitor the hidden form fields to the following: <INPUT TYPE=HIDDEN NAME="delta_ts" VALUE="19950000000000"> <INPUT TYPE=HIDDEN NAME="longdesclength" VALUE="0"> <INPUT TYPE=HIDDEN NAME="id" VALUE=bugid> Loading this modified page, and clicking commit yields the comments.