Bugzilla contains a flaw that may lead to an unauthorized information modification. The issue is triggered when a user correctly guesses the name of a product that should be invisible to them. When this occurs, the user will be able to enter bugs into products that are closed for the bug entry resulting in a loss of integrity.

Upgrade to version 2.16.9 or higher, version 2.18.1 or higher, or 2.19.3 or higher, as these versions have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• Secunia Advisory ID: 15338
• Related OSVDB ID: 16425 16427
• CVE ID: 2005-1564 (see also: NVD)
• Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-05/0144.html
• Vendor Specific Advisory URL: http://www.bugzilla.org/security/2.16.8/
• Vendor Specific News/Changelog Entry: https://bugzilla.mozilla.org/show_bug.cgi?id=287109

• Roman Pszonka -
• Gervase Markham -
• Frédéric Buclin -
• Myk Melez -
• Joel Peshkin - bugreportpeshkin.net -
• Marc Schumann -