CVE-2010-4209

Cross-site scripting XSS vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.8.1, as used in Bugzilla 3.7.1 through 3.7.3 and 4.1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore/swfstore.swf...

CVE-2010-2470

Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 through 3.7.1, when usesuexec is enabled, uses world-readable permissions within 1 .bzr/ and 2 data/webdot/, which allows local users to obtain potentially sensitive data by reading files in these directories, a different vulnerability...