All users were logged out of Bugzilla on October 13th, 2018

XSS and DoS vulnerabilities in Drupal 4.6 and 4.7

RESOLVED FIXED

Status

--
critical
RESOLVED FIXED
12 years ago
6 years ago

People

(Reporter: justdave, Assigned: ian)

Tracking

({wsec-xss})

Details

Two security advisories were issued on Drupal today that affect the spreadfirefox.com installation.  I'm sure you saw the advisories already, just getting a bug to track this.

Cross-site scripting in Drupal Core:
http://drupal.org/node/104233

Denial-of-service in Drupal Core:
http://drupal.org/node/104238
Oh, I'm told our SFX may still be Drupal 4.6, and these advisories do affect that also.
Summary: XSS and DoS vulnerabilities in Drupal 4.7 → XSS and DoS vulnerabilities in Drupal 4.6 and 4.7
Group: security → mozillaorgconfidential
(In reply to comment #2)
> Dupe of bug 366017?

Yes.  Nice of them to file a new bug instead of using the existing one ;)
Group: mozillaorgconfidential
Status: NEW → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 366017

Comment 4

11 years ago
Fixed , a while ago
Resolution: DUPLICATE → FIXED
Product: Websites → Websites Graveyard
Adding keywords to bugs for metrics, no action required.  Sorry about bugmail spam.
Keywords: wsec-xss
You need to log in before you can comment on or make changes to this bug.