Candidate: CVE-2011-3669
PublicDate: 2012-01-02 19:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3669
 http://www.bugzilla.org/security/3.4.12/
Description:
 Cross-site request forgery (CSRF) vulnerability in attachment.cgi in
 Bugzilla 2.x, 3.x, and 4.x before 4.2rc1 allows remote attackers to hijack
 the authentication of arbitrary users for requests that upload attachments.
Ubuntu-Description:
Notes:
Bugs:
 https://bugzilla.mozilla.org/show_bug.cgi?id=703983
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_bugzilla:
upstream_bugzilla: released (4.2rc1)
hardy_bugzilla: ignored (reached end-of-life)
lucid_bugzilla: ignored (reached end-of-life)
maverick_bugzilla: ignored (reached end-of-life)
natty_bugzilla: ignored (reached end-of-life)
oneiric_bugzilla: ignored (reached end-of-life)
precise_bugzilla: DNE
quantal_bugzilla: DNE
raring_bugzilla: DNE
saucy_bugzilla: DNE
devel_bugzilla: DNE