FreeBSD : bugzilla -- Cross Site Request Forgery (9defb2d6-1404-11e4-8cae-20cf30e32f6d)
Medium Nessus Plugin ID 76854
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
A Bugzilla Security Advisory reports: Adobe does not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against Bugzilla's JSONP endpoint, possibly obtaining sensitive bug information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API.
Solution
Update the affected package.