Bugzilla contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when viewing attachments in 'diff' mode, users who are not members of "insidergroup" can read the descriptions of all attachments. This will disclose potentially sensitive information resulting in a loss of confidentiality.

Upgrade to version 2.18.6, 2.20.3, 2.22.1, or 2.23.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• CVE ID: 2006-5454 (see also: NVD)
• Secunia Advisory ID: 22409 22790
• Related OSVDB ID: 29544 29545 29547 29548 29549
• Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0242.html
• Vendor Specific Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200611-04.xml
• Vendor Specific News/Changelog Entry: https://bugzilla.mozilla.org/show_bug.cgi?id=346086

Unknown or Incomplete