User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET4.0C; .NET4.0E; .NET CLR 3.5.30729) Build Identifier: Bugzilla is vulnerable to stored cross site scripting. An attacker can exploit stored XSS to steal user's session cookie,deface website,distribute malwares on user's machine etc. For more info please refer: http://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29 Reproducible: Always Steps to Reproduce: 1.Login to bugzilla in internet explorer. 2.file a bug. 3.Create an attachment test.png with following contents: <script>alert('Xssed')</script> now save this file as test.png and file type=all files. 4. Now upload this test.png as an attachment. 5.Go to attachment and click on details. 6.Observe that javascript is executing and alert box is displayed saying XSSed(as written in test.png). Expected Results: Attacker injected Javascript was executed in victim user's browser.

Please note that this issue can be reproduced only when you are browsing bugzilla.mozilla.org in internet explorer.

There is nothing confidential about this bug, and also very little dangerous. Attachments are served on a different domain that does not have access to this domain at all. This is a duplicate of bug 554121 and bug 453425.

Mmm, more accurately I'd say this is a dup of bug 38862.