Bugzilla Cross Site Request Forgery

Feb 25, 2012 12:54 AM

Summary

=======

Bugzilla is a Web-based bug-tracking system used by a large number of

software projects. The following security issue has been discovered

in Bugzilla:

* A CSRF vulnerability in the implementation of the XML-RPC API

when running under mod_perl could be used to make changes to

bugs or execute some admin tasks without the victim's knowledge.

All affected installations are encouraged to upgrade as soon as

possible.

You already know how to use your phone. With Gadget Hacks' newsletter, we'll show you how to master it. Each week, we explore features, hidden tools, and advanced settings that give you more control over iOS and Android than most users even know exists.