Bugzilla is prone to the following vulnerabilities: 1. A security bypass issue. 2. Multiple information-disclosure vulnerabilities. 3. A denial-of-service vulnerability. Successfully exploiting these issues may allow an attacker to bypass certain security restrictions, obtain sensitive information or cause the affected application to crash, denying service to legitimate users. The following versions are vulnerable: 4.x and 3.2.x versions prior to 3.2.8, 4.1.x and 3.4.x versions prior to 3.4.8. 4.2.x and 3.6.x versions prior to 3.6.2. 4.3.x versions prior to 3.7.3.

Updates are available. Please see the references for more information.

• http://www.bugzilla.org/security/3.2.7/
• https://www.securityfocus.com/bid/42275

---

Updated on 2015-03-25