Bugzilla 2.19.3 through 2.20 does not properly handle // sequences in URLs when redirecting a user from the login form, which could cause it to generate a partial URL in a form action that causes the users browser to send the form data to another domain.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Bugzilla | Mozilla | 2.19.3 | 2.19.3 |
Bugzilla | Mozilla | 2.20 | 2.20 |
Bugzilla | Mozilla | 2.20 | 2.20 |
Bugzilla | Mozilla | 2.20 | 2.20 |
Bugzilla | Mozilla | 2.21.2 | 2.21.2 |
Bugzilla | Mozilla | 2.21.1 | 2.21.1 |
Bugzilla | Mozilla | 2.21 | 2.21 |