votes.cgi in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote attackers to read a user's voting page when that user has voted on a restricted bug, which allows remote attackers to read potentially sensitive voting information by modifying the who parameter.
| Software | From | Fixed in |
|---|---|---|
| mozilla / bugzilla | 2.10 | 2.10.x |
| mozilla / bugzilla | 2.12 | 2.12.x |
| mozilla / bugzilla | 2.14 | 2.14.x |
| mozilla / bugzilla | 2.14.1 | 2.14.1.x |
| mozilla / bugzilla | 2.14.2 | 2.14.2.x |
| mozilla / bugzilla | 2.14.3 | 2.14.3.x |
| mozilla / bugzilla | 2.14.4 | 2.14.4.x |
| mozilla / bugzilla | 2.14.5 | 2.14.5.x |
| mozilla / bugzilla | 2.16 | 2.16.x |
| mozilla / bugzilla | 2.16.1 | 2.16.1.x |
| mozilla / bugzilla | 2.16.2 | 2.16.2.x |
| mozilla / bugzilla | 2.16.3 | 2.16.3.x |
| mozilla / bugzilla | 2.17.1 | 2.17.1.x |
| mozilla / bugzilla | 2.17.3 | 2.17.3.x |
| mozilla / bugzilla | 2.17.4 | 2.17.4.x |
| mozilla / bugzilla | 2.4 | 2.4.x |
| mozilla / bugzilla | 2.6 | 2.6.x |
| mozilla / bugzilla | 2.8 | 2.8.x |