CVE-2006-5454 Information
Description
Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote attackers to obtain (1) the description of arbitrary attachments by viewing the attachment in "diff" mode in attachment.cgi and (2) the deadline field by viewing the XML format of the bug in show_bug.cgi.
Reference
http://secunia.com/advisories/22409
http://secunia.com/advisories/22790
http://security.gentoo.org/glsa/glsa-200611-04.xml
http://securityreason.com/securityalert/1760
http://securitytracker.com/id?1017064
http://www.bugzilla.org/security/2.18.5/
http://www.osvdb.org/29546
http://www.osvdb.org/29547
http://www.securityfocus.com/archive/1/448777/100/100/threaded
http://www.securityfocus.com/bid/20538
http://www.vupen.com/english/advisories/2006/4035
https://bugzilla.mozilla.org/show_bug.cgi?id=346086
https://bugzilla.mozilla.org/show_bug.cgi?id=346564