Bugzilla Security Advisory - Due to a lack of validation of the enctype form attribute when making POST requests to xmlrpc.cgi, a possible CSRF vulnerability was discovered in Bugzilla versions 4.0.2 through 4.0.4 and 4.1.1 through 4.2rc2.
fe9aa9d5a2e0261931ccfa5c0cb9081fcee27f39f8a92d16f3b60fbcf5b9c472