Bugzilla Security Advisory - When the user logs in using LDAP, the username is not escaped before being passed to LDAP which could potentially lead to LDAP injection. Extensions are not protected against directory browsing by default and users can view the source code of templates used by the extensions. These templates may contain sensitive data.
a5d9eb97d8ed5caaa5684888b740b5cecb254605b98dce901b0bd2362f639636