Vulnonym.com

CVE-2006-5454 - Heathy Yolks

Description

Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote attackers to obtain (1) the description of arbitrary attachments by viewing the attachment in "diff" mode in attachment.cgi, and (2) the deadline field by viewing the XML format of the bug in show_bug.cgi.

Reference

https://bugzilla.mozilla.org/show_bug.cgi?id=346086
https://bugzilla.mozilla.org/show_bug.cgi?id=346564
http://securitytracker.com/id?1017064
http://security.gentoo.org/glsa/glsa-200611-04.xml
http://www.securityfocus.com/bid/20538
http://secunia.com/advisories/22790
http://www.osvdb.org/29546
http://www.bugzilla.org/security/2.18.5/
http://www.osvdb.org/29547
http://secunia.com/advisories/22409
http://securityreason.com/securityalert/1760
http://www.vupen.com/english/advisories/2006/4035
http://www.securityfocus.com/archive/1/448777/100/100/threaded