ArchLinux: 201605-25: bugzilla: cross-site scripting
Summary
An attacker can craft a malicious summary within a bug report to host malicious JavaScript code. This code will be served to a user when he or she navigates to the bug's dependency graph.
Resolution
Upgrade to 5.0.3-1.
# pacman -Syu "bugzilla>=5.0.3-1"
The problem has been fixed upstream in version 5.0.3.
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2803
https://bugzilla.mozilla.org/show_bug.cgi?id=1253263
Workaround
None.