Bugzilla HTML Injection and Cross Site Request Forgery Vulnerabilities
|
Bugtraq ID:
|
33580
|
|
Class:
|
Design Error
|
|
CVE:
|
CVE-2009-0481
CVE-2009-0482
CVE-2009-0483
CVE-2009-0484
CVE-2009-0485
|
|
Remote:
|
Yes
|
|
Local:
|
No
|
|
Published:
|
Feb 02 2009 12:00AM
|
|
Updated:
|
Jun 04 2010 08:40PM
|
|
Credit:
|
Frédéric Buclin, Stephen Lee, Jesse Ruderman, Terry Weissman, Max Kanat-Alexander, Teemu Mannermaa, Mozilla Corporation
<br>
|
|
Vulnerable:
|
Red Hat Fedora 9
Red Hat Fedora 10
Mozilla Bugzilla 3.3.1
Mozilla Bugzilla 3.0.6
Mozilla Bugzilla 3.0.5
Mozilla Bugzilla 3.0.4
Mozilla Bugzilla 3.0.2
Mozilla Bugzilla 3.0.1
Mozilla Bugzilla 3.0
Mozilla Bugzilla 2.22.6
Mozilla Bugzilla 2.22.5
Mozilla Bugzilla 2.22.4
Mozilla Bugzilla 2.22.3
Mozilla Bugzilla 2.22.2
Mozilla Bugzilla 2.22.1
Mozilla Bugzilla 3.2
Mozilla Bugzilla 2.22 RC1
Mozilla Bugzilla 2.22
Gentoo Linux
|
|
|
|
Not Vulnerable:
|
Mozilla Bugzilla 3.3.2
Mozilla Bugzilla 3.2.1
Mozilla Bugzilla 3.0.7
Mozilla Bugzilla 2.22.7
|
|
