A Bugzilla Security Advisory reports:

  The following security issues have been discovered in Bugzilla:

  - Account Impersonation:
    When a user creates a new account, Bugzilla doesn't correctly
    reject email addresses containing non-ASCII characters, which
    could be used to impersonate another user account. Such email
    addresses could look visually identical to other valid email
    addresses, and an attacker could try to confuse other users
    and be added to bugs he shouldn't have access to.

  - Cross-Site Request Forgery:
    Due to a lack of validation of the Content-Type header when
    making POST requests to jsonrpc.cgi, a possible CSRF
    vulnerability was discovered. If a user visits an HTML page
    with some malicious JS code in it, an attacker could make
    changes to a remote Bugzilla installation on behalf of the
    victim's account by using the JSON-RPC API. The user would
    have had to be already logged in to the target site for the
    vulnerability to work.

  All affected installations are encouraged to upgrade as soon as
  possible.
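
The Content-Type validation the advisory says was missing can be sketched as a server-side gate on POST requests to a JSON-RPC endpoint. This is an added example, not Bugzilla's code or its actual fix; the function names and the accepted-type list are assumptions.

```python
# Added example: server-side Content-Type gate for a JSON-RPC POST endpoint.
# Names and the accepted-type list are assumptions, not Bugzilla's code.

# Assumed allow-list of media types the endpoint accepts for POST bodies.
JSON_TYPES = {"application/json", "application/json-rpc"}

# Types a cross-site HTML form or simple request can send without a CORS
# preflight; they are reported separately so rejections are easy to triage.
NO_PREFLIGHT_TYPES = {
    "application/x-www-form-urlencoded",
    "multipart/form-data",
    "text/plain",
}


def media_type(header_value):
    """Return the lower-cased type/subtype without parameters, or None."""
    if not header_value:
        return None
    return header_value.split(";", 1)[0].strip().lower() or None


def check_jsonrpc_post(headers):
    """Return (http_status, reason) for a POST to the JSON-RPC endpoint."""
    lowered = {name.lower(): value for name, value in headers.items()}
    mtype = media_type(lowered.get("content-type"))
    if mtype in JSON_TYPES:
        return 200, "accepted"
    if mtype in NO_PREFLIGHT_TYPES:
        return 415, "form-style type sendable cross-site without preflight"
    return 415, "missing or unexpected Content-Type"


# Constructed sample requests (header sets only), not captured traffic.
SAMPLES = [
    {"Content-Type": "application/json; charset=UTF-8"},
    {"content-type": "APPLICATION/JSON"},
    {"Content-Type": "text/plain;charset=UTF-8"},
    {"Content-Type": "application/x-www-form-urlencoded"},
    {},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_jsonrpc_post(sample))
```

A gate like this works alongside per-request CSRF tokens rather than replacing them.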