This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
The remote FreeBSD host is missing one or more security-related
A Bugzilla Security Advisory reports:

Cross-Site Request Forgery

When a user submits changes to a bug right after another user did, a
midair collision page is displayed to inform the user about changes
recently made. This page contains a token which can be used to validate
the changes if the user decides to submit his changes anyway. A
regression in Bugzilla 4.4 caused this token to be recreated if a
crafted URL was given, even when no midair collision page was going to
be displayed, allowing an attacker to bypass the token check and abuse
a user to commit changes on his behalf.

Cross-Site Request Forgery

When an attachment is edited, a token is generated to validate changes
made by the user. Using a crafted URL, an attacker could force the
token to be recreated, allowing him to bypass the token check and abuse
a user to commit changes on his behalf.

Cross-Site Scripting

Some parameters passed to editflagtypes.cgi were not correctly filtered
in the HTML page, which could lead to XSS.

Cross-Site Scripting

Due to an incomplete fix for CVE-2012-4189, some incorrectly filtered
field values in tabular reports could lead to XSS.
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 6.8