Candidate: CVE-2011-2379
PublicDate: 2011-08-09 19:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2379
 http://www.bugzilla.org/security/3.4.11/
Description:
 Cross-site scripting (XSS) vulnerability in Bugzilla 2.4 through 2.22.7,
 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x,
 4.0.x before 4.0.2, and 4.1.x before 4.1.3, when Internet Explorer before 9
 or Safari before 5.0.6 is used for Raw Unified mode, allows remote attackers
 to inject arbitrary web script or HTML via a crafted patch, related to
 content sniffing.
Ubuntu-Description:
Notes:
Bugs:
 https://bugzilla.mozilla.org/show_bug.cgi?id=637981
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_bugzilla:
 vendor: http://www.debian.org/security/2011/dsa-2322
upstream_bugzilla: released (3.4.12,3.6.6,4.0.2,4.1.3)
hardy_bugzilla: ignored (reached end-of-life)
lucid_bugzilla: ignored (reached end-of-life)
maverick_bugzilla: ignored (reached end-of-life)
natty_bugzilla: not-affected
oneiric_bugzilla: ignored (reached end-of-life)
precise_bugzilla: DNE (dropped by debian)
quantal_bugzilla: DNE (dropped by debian)
raring_bugzilla: DNE (dropped by debian)
saucy_bugzilla: DNE (dropped by debian)
devel_bugzilla: DNE (dropped by debian)