bugzilla: multiple vulnerabilities
Package(s): bugzilla
CVE #(s): CVE-2010-4568, CVE-2010-2761, CVE-2010-4411, CVE-2010-4572, CVE-2010-4569, CVE-2010-4570, CVE-2010-4567, CVE-2011-0048, CVE-2011-0046
Created: February 3, 2011
Updated: October 10, 2011
Description: From the bugzilla advisory:

CVE-2010-4568: It was possible for a user to gain unauthorized access to any Bugzilla account in a very short amount of time (short enough that the attack is highly effective). This is a critical vulnerability that should be patched immediately by all Bugzilla installations.

CVE-2010-2761, CVE-2010-4411, CVE-2010-4572: By inserting particular strings into certain URLs, it was possible to inject both headers and content to any browser.

CVE-2010-4569: Bugzilla 3.7.x and 4.0rc1 have a new client-side autocomplete mechanism for all fields where a username is entered. This mechanism was vulnerable to a cross-site scripting attack.

CVE-2010-4570: Bugzilla 3.7.x and 4.0rc1 have a new mechanism on the bug entry page for automatically detecting if the bug you are filing is a duplicate of another existing bug. This mechanism was vulnerable to a cross-site scripting attack.

CVE-2010-4567, CVE-2011-0048: Bugzilla has a "URL" field that can contain several types of URL, including "javascript:" and "data:" URLs. However, it does not make "javascript:" and "data:" URLs into clickable links, to protect against cross-site scripting attacks or other attacks. It was possible to bypass this protection by adding spaces into the URL in places that Bugzilla did not expect them. Also, "javascript:" and "data:" links were *always* shown as clickable to logged-out users.

CVE-2011-0046: Various pages were vulnerable to Cross-Site Request Forgery attacks. Most of these issues are not as serious as previous CSRF vulnerabilities.

Some of these issues were only addressed on more recent branches of Bugzilla and not fixed in earlier branches, in order to avoid changing behavior that external applications may depend on. The links below in "References" describe which issues were fixed on which branches.
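The "URL" field bypass (CVE-2010-4567, CVE-2011-0048) is the general failure mode of a blocklist applied to a raw string that the browser will normalize before it reads the scheme. The example below is added here to illustrate that point; it is not Bugzilla's code and does not reproduce the patched check. The weak check is a plain prefix match on the raw value, which leading whitespace or an embedded tab defeats because browsers strip leading/trailing C0 controls and spaces and remove ASCII tab and newline anywhere in the input before parsing (WHATWG URL parsing). The hardened check normalizes the same way first, extracts the scheme, and allows only a fixed list of link-safe schemes, so it also rejects schemes the blocklist never named. The function names, the allowlist, and the sample URLs are constructed for this illustration; exactly which whitespace placements a given browser tolerates varies, which is why the safe check does not depend on guessing them.

```python
import re

# Weak check: blocklist prefix match on the raw string, modelled on the kind of
# check the advisory describes as bypassable (illustrative, not Bugzilla's code).
DANGEROUS_PREFIXES = ("javascript:", "data:")


def is_clickable_naive(url: str) -> bool:
    """Return True if the blocklist check would render `url` as a link."""
    return not url.lower().startswith(DANGEROUS_PREFIXES)


# Browser-style normalization before the scheme is read:
#   - strip leading and trailing C0 controls and space (0x00-0x20)
#   - remove ASCII tab, LF and CR anywhere in the string
_EDGE_WS = re.compile(r"^[\x00-\x20]+|[\x00-\x20]+$")
_INNER_TAB_NL = re.compile(r"[\t\n\r]")
_SCHEME = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")

# Assumed allowlist of schemes that are safe to turn into clickable links.
ALLOWED_SCHEMES = frozenset({"http", "https", "ftp", "mailto"})


def browser_normalize(url: str) -> str:
    """Apply the whitespace handling a browser applies before scheme parsing."""
    url = _EDGE_WS.sub("", url)
    return _INNER_TAB_NL.sub("", url)


def scheme_of(url: str):
    """Return the lowercase scheme the browser would see, or None if absent."""
    m = _SCHEME.match(browser_normalize(url))
    return m.group(1).lower() if m else None


def is_clickable_safe(url: str) -> bool:
    """Allowlist check: link only when the normalized scheme is known-safe.

    Relative URLs (no scheme) are rejected here by design; an allowlist must
    see a scheme it recognises, and the field is meant to hold absolute URLs.
    """
    scheme = scheme_of(url)
    return scheme is not None and scheme in ALLOWED_SCHEMES


def audit(urls):
    """Compare both checks over a list of URLs; returns {url: (naive, safe)}."""
    return {u: (is_clickable_naive(u), is_clickable_safe(u)) for u in urls}


# Constructed sample values for the field (not from any real report).
SAMPLE_URLS = [
    "http://example.com/",
    "mailto:dev@example.com",
    "javascript:alert(1)",
    " javascript:alert(1)",          # leading space: stripped by the browser
    "java\tscript:alert(1)",         # embedded tab: removed by the browser
    "data:text/html,<script>1</script>",
    "vbscript:msgbox(1)",            # not on the blocklist at all
    "/show_bug.cgi?id=1",            # relative: no scheme
]

if __name__ == "__main__":
    for url, (naive, safe) in audit(SAMPLE_URLS).items():
        print(f"{url!r:40} naive={naive!s:5} safe={safe}")
```

The two whitespace cases are the ones that matter: the blocklist lets them through while the browser still ends up with a javascript: scheme, whereas the allowlist never consults the raw prefix at all. Whatever list of dangerous schemes a blocklist carries, the normalize-then-allowlist shape is what removes this class of bypass.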