Bugzilla RSS title cross-site scripting

bugzilla-rss-title-xss (24820) The risk level is classified as MediumMedium Risk

Description:

Bugzilla is vulnerable to cross-site scripting, caused by improper validation of user-supplied input some Bugzilla RSS feeds. A remote attacker could exploit this vulnerability using an HMTL title tag in an RSS feed to execute script in a victim's Web browser within the security context of the hosting Web site, allowing the attacker to steal the victim's cookie-based authentication credentials.

Platforms Affected:

  • Mozilla, Bugzilla 2.20
  • Mozilla, Bugzilla 2.20 rc1
  • Mozilla, Bugzilla 2.20 rc2
  • Mozilla, Bugzilla 2.21
  • Mozilla, Bugzilla 2.21.1

Remedy:

Upgrade to the latest version of Bugzilla (2.18.4 or later), (2.20 or later) or (2.21.1 or later), as listed in the Bugzilla Security Advisory dated February 20, 2006. See References.

Consequences:

Gain Access

References:

  • Bugzilla Security Advisory February 20, 2006, 2.18.4, 2.20, and 2.21.1 Security Advisory at http://www.bugzilla.org/security/2.18.4/.
  • Mozilla Bugzilla Bug 313441, Query RSS should HTML-escape summary in at <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=313441" target="_blank" >https://bugzilla.mozilla.org/show_bug.cgi?id=313441</a>. </li> <li style="margin-bottom: 1em; word-break: break-all;"><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2420" target="_blank"><b>CVE-2006-2420</b></a>: Bugzilla 2.20rc1 through 2.20 and 2.21.1, when using RSS 1.0, allows remote attackers to conduct cross-site scripting (XSS) attacks via a title element with HTML encoded sequences such as >, which are automatically decoded by some RSS readers. NOTE: this issue is not in Bugzilla itself, but rather due to design or documentation inconsistencies within RSS, or implementation vulnerabilities in RSS readers. While this issue normally would not be included in CVE, it is being identified since the Bugzilla developers have addressed it.</li> <li style="margin-bottom: 1em; word-break: break-all;"><a href="http://secunia.com/advisories/18979" target="_blank"><b>SA18979</b></a>: Bugzilla Multiple Vulnerabilities</li> <li style="margin-bottom: 1em; word-break: break-all;"><a href="http://www.frsirt.com/english/advisories/2006/0692" target="_blank"><b>VUPEN/ADV-2006-0692</b></a>: Bugzilla Multiple SQL Injection and Cross Site Scripting Vulnerabilities</li> </ul> <p><b>Reported:</b></p> <p>Feb 20, 2006</p> <p>The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.</p> <p align="center">For corrections or additions please email <a href="mailto:xforce@iss.net?Subject=bugzilla-rss-title-xss (24820) feedback">xforce@iss.net</a></p> <p align="center"><a href="/">Return to the main page</a></p> <!-- END CONTENT AREA --> </div> </div> </div> <div class="clearEmpty"> </div> </div> <div id="footer"> <a href="http://www.iss.net/Sitemap.html">Site Map</a> | <a href="http://www.iss.net/privacy.html">Privacy Policy</a> | <a href="http://www.iss.net/main/terms_of_use.html">Terms of Use</a> | <a href="http://www.iss.net/trademarks.html">Trademarks</a> <br /> © Copyright IBM Corporation 1994 - 2009. All rights reserved worldwide. </div> </body> </html>