CVE-2011-2379 Information

Description

Cross-site scripting (XSS) vulnerability in Bugzilla 2.4 through 2.22.7 3.0.x through 3.3.x 3.4.x before 3.4.12 3.5.x 3.6.x before 3.6.6 3.7.x 4.0.x before 4.0.2 and 4.1.x before 4.1.3 when Internet Explorer before 9 or Safari before 5.0.6 is used for Raw Unified mode allows remote attackers to inject arbitrary web script or HTML via a crafted patch related to content sniffing.

Reference

http://secunia.com/advisories/45501 http://www.bugzilla.org/security/3.4.11/ http://www.debian.org/security/2011/dsa-2322 http://www.osvdb.org/74297 http://www.securityfocus.com/bid/49042 https://bugzilla.mozilla.org/show_bug.cgi?id=637981 https://exchange.xforce.ibmcloud.com/vulnerabilities/69033