MEDIUM
Multiple cross-site request forgery (CSRF) vulnerabilities in Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 allow remote attackers to hijack the authentication of arbitrary users for requests related to (1) adding a saved search in buglist.cgi, (2) voting in votes.cgi, (3) sanity checking in sanitycheck.cgi, (4) creating or editing a chart in chart.cgi, (5) column changing in colchange.cgi, and (6) adding, deleting, or approving a quip in quips.cgi.
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html
http://secunia.com/advisories/43033
http://secunia.com/advisories/43165
http://www.bugzilla.org/security/3.2.9/
http://www.debian.org/security/2011/dsa-2322
http://www.securityfocus.com/bid/45982
http://www.vupen.com/english/advisories/2011/0207
http://www.vupen.com/english/advisories/2011/0271
https://bugzilla.mozilla.org/show_bug.cgi?id=621090
https://bugzilla.mozilla.org/show_bug.cgi?id=621105
https://bugzilla.mozilla.org/show_bug.cgi?id=621107
https://bugzilla.mozilla.org/show_bug.cgi?id=621108
https://bugzilla.mozilla.org/show_bug.cgi?id=621109