Mandriva Linux Security Advisory 2014-169 - Adobe does not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery attacks against Bugzilla's JSONP endpoint, possibly obtaining sensitive bug information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API.
f5bd598a395b6c05ed00bff7322ba053ea6bda85e2b6ae397f5bc9946a6a1af1
Bugzilla Security Advisory - Bugzilla versions 3.7.1 to 4.0.13, 4.1.1 to 4.2.9, 4.3.1 to 4.4.4, and 4.5.1 to 4.5.4 suffer from a cross-site request forgery vulnerability.
cd0337a3196b87e65a4382c3d46665e5a07957324bbe8fa092ed144b51893ab0