Bugzilla HTML Injection and Cross Site Request Forgery Vulnerabilities

Bugtraq ID: 33580
Class: Design Error
CVE: CVE-2009-0481
CVE-2009-0482
CVE-2009-0483
CVE-2009-0484
CVE-2009-0485
Remote: Yes
Local: No
Published: Feb 02 2009 12:00AM
Updated: Jun 04 2010 08:40PM
Credit: Fr&amp;eacute;d&amp;eacute;ric Buclin, Stephen Lee, Jesse Ruderman, Terry Weissman, Max Kanat-Alexander, Teemu Mannermaa, Mozilla Corporation <br>
Vulnerable: Red Hat Fedora 9
Red Hat Fedora 10
Mozilla Bugzilla 3.3.1
Mozilla Bugzilla 3.0.6
Mozilla Bugzilla 3.0.5
Mozilla Bugzilla 3.0.4
Mozilla Bugzilla 3.0.2
Mozilla Bugzilla 3.0.1
Mozilla Bugzilla 3.0
Mozilla Bugzilla 2.22.6
Mozilla Bugzilla 2.22.5
Mozilla Bugzilla 2.22.4
Mozilla Bugzilla 2.22.3
Mozilla Bugzilla 2.22.2
Mozilla Bugzilla 2.22.1
Mozilla Bugzilla 3.2
Mozilla Bugzilla 2.22 RC1
Mozilla Bugzilla 2.22
Gentoo Linux
Not Vulnerable: Mozilla Bugzilla 3.3.2
Mozilla Bugzilla 3.2.1
Mozilla Bugzilla 3.0.7
Mozilla Bugzilla 2.22.7


 

Privacy Statement
Copyright 2010, SecurityFocus