Candidate: CVE-2013-1743
PublicDate: 2013-10-24 10:53:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1743
 https://bugzilla.mozilla.org/show_bug.cgi?id=924932
Description:
 Multiple cross-site scripting (XSS) vulnerabilities in report.cgi in
 Bugzilla 4.1.x and 4.2.x before 4.2.7 and 4.3.x and 4.4.x before 4.4.1
 allow remote attackers to inject arbitrary web script or HTML via a field
 value that is not properly handled during construction of a tabular report,
 as demonstrated by the (1) summary or (2) real name field.  NOTE: this
 issue exists because of an incomplete fix for CVE-2012-4189.
Ubuntu-Description:
Notes:
 seth-arnold> 4.2 and 4.4 only
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_bugzilla:
 upstream: http://bzr.mozilla.org/bugzilla/4.4/revision/8626 (4.4)
 upstream: http://bzr.mozilla.org/bugzilla/4.2/revision/8234 (4.2)
upstream_bugzilla: not-affected
lucid_bugzilla: not-affected
precise_bugzilla: DNE
quantal_bugzilla: DNE
raring_bugzilla: DNE
devel_bugzilla: DNE