Multiple cross-site request forgery (CSRF) vulnerabilities in Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 allow remote attackers to hijack the authentication of arbitrary users for requests related to (1) adding a saved search in buglist.cgi, (2) voting in votes.cgi, (3) sanity checking in sanitycheck.cgi, (4) creating or editing a chart in chart.cgi, (5) column changing in colchange.cgi, and (6) adding, deleting, or approving a quip in quips.cgi.
lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html
lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html
osvdb.org/70705
osvdb.org/70706
osvdb.org/70707
osvdb.org/70708
osvdb.org/70709
osvdb.org/70710
secunia.com/advisories/43033
secunia.com/advisories/43165
www.bugzilla.org/security/3.2.9/
www.debian.org/security/2011/dsa-2322
www.securityfocus.com/bid/45982
www.vupen.com/english/advisories/2011/0207
www.vupen.com/english/advisories/2011/0271
bugzilla.mozilla.org/show_bug.cgi?id=621090
bugzilla.mozilla.org/show_bug.cgi?id=621105
bugzilla.mozilla.org/show_bug.cgi?id=621107
bugzilla.mozilla.org/show_bug.cgi?id=621108
bugzilla.mozilla.org/show_bug.cgi?id=621109
bugzilla.mozilla.org/show_bug.cgi?id=621110
exchange.xforce.ibmcloud.com/vulnerabilities/65003