Bugzilla 4.4.5 is a security release which addresses the following issue:
Adobe does not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against Bugzilla’s JSONP endpoint, possibly obtaining sensitive bug information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API.
For more details see: https://bugzilla.mozilla.org/show_bug.cgi?id=1036213
Interestingly this bug only seems to affect Firefox users.