Cross-site request forgery (CSRF) vulnerability in Bugzilla before 3.2 before 3.2.1, 3.3 before 3.3.2, and other versions before 3.2 allows remote attackers to perform bug updating activities as other users via a link or IMG tag to process_bug.cgi.
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Bugzilla | Mozilla | 2.10 | 2.10 |
Bugzilla | Mozilla | 2.12 | 2.12 |
Bugzilla | Mozilla | 2.14 | 2.14 |
Bugzilla | Mozilla | 2.14.1 | 2.14.1 |
Bugzilla | Mozilla | 2.14.2 | 2.14.2 |
Bugzilla | Mozilla | 2.14.3 | 2.14.3 |
Bugzilla | Mozilla | 2.14.4 | 2.14.4 |
Bugzilla | Mozilla | 2.14.5 | 2.14.5 |
Bugzilla | Mozilla | 2.16 | 2.16 |
Bugzilla | Mozilla | 2.16 | 2.16 |
Bugzilla | Mozilla | 2.16.1 | 2.16.1 |
Bugzilla | Mozilla | 2.16.2 | 2.16.2 |
Bugzilla | Mozilla | 2.16.3 | 2.16.3 |
Bugzilla | Mozilla | 2.16.4 | 2.16.4 |
Bugzilla | Mozilla | 2.16.5 | 2.16.5 |
Bugzilla | Mozilla | 2.16.6 | 2.16.6 |
Bugzilla | Mozilla | 2.16.7 | 2.16.7 |
Bugzilla | Mozilla | 2.16.8 | 2.16.8 |
Bugzilla | Mozilla | 2.16.9 | 2.16.9 |
Bugzilla | Mozilla | 2.16.10 | 2.16.10 |
Bugzilla | Mozilla | 2.16.11 | 2.16.11 |
Bugzilla | Mozilla | 2.16_rc2 | 2.16_rc2 |
Bugzilla | Mozilla | 2.17 | 2.17 |
Bugzilla | Mozilla | 2.17.1 | 2.17.1 |
Bugzilla | Mozilla | 2.17.2 | 2.17.2 |
Bugzilla | Mozilla | 2.17.3 | 2.17.3 |
Bugzilla | Mozilla | 2.17.4 | 2.17.4 |
Bugzilla | Mozilla | 2.17.5 | 2.17.5 |
Bugzilla | Mozilla | 2.17.6 | 2.17.6 |
Bugzilla | Mozilla | 2.17.7 | 2.17.7 |
Bugzilla | Mozilla | 2.18 | 2.18 |
Bugzilla | Mozilla | 2.18 | 2.18 |
Bugzilla | Mozilla | 2.18 | 2.18 |
Bugzilla | Mozilla | 2.18 | 2.18 |
Bugzilla | Mozilla | 2.18.1 | 2.18.1 |
Bugzilla | Mozilla | 2.18.2 | 2.18.2 |
Bugzilla | Mozilla | 2.18.3 | 2.18.3 |
Bugzilla | Mozilla | 2.18.4 | 2.18.4 |
Bugzilla | Mozilla | 2.18.5 | 2.18.5 |
Bugzilla | Mozilla | 2.18.6 | 2.18.6 |
Bugzilla | Mozilla | 2.18.7 | 2.18.7 |
Bugzilla | Mozilla | 2.18.8 | 2.18.8 |
Bugzilla | Mozilla | 2.18.9 | 2.18.9 |
Bugzilla | Mozilla | 2.19 | 2.19 |
Bugzilla | Mozilla | 2.19.1 | 2.19.1 |
Bugzilla | Mozilla | 2.19.2 | 2.19.2 |
Bugzilla | Mozilla | 2.19.3 | 2.19.3 |
Bugzilla | Mozilla | 2.20 | 2.20 |
Bugzilla | Mozilla | 2.20 | 2.20 |
Bugzilla | Mozilla | 2.20 | 2.20 |
Bugzilla | Mozilla | 2.20.1 | 2.20.1 |
Bugzilla | Mozilla | 2.20.2 | 2.20.2 |
Bugzilla | Mozilla | 2.20.3 | 2.20.3 |
Bugzilla | Mozilla | 2.20.4 | 2.20.4 |
Bugzilla | Mozilla | 2.20.5 | 2.20.5 |
Bugzilla | Mozilla | 2.20.6 | 2.20.6 |
Bugzilla | Mozilla | 2.21 | 2.21 |
Bugzilla | Mozilla | 2.21.1 | 2.21.1 |
Bugzilla | Mozilla | 2.21.2 | 2.21.2 |
Bugzilla | Mozilla | 2.22 | 2.22 |
Bugzilla | Mozilla | 2.22 | 2.22 |
Bugzilla | Mozilla | 2.22.1 | 2.22.1 |
Bugzilla | Mozilla | 2.22.2 | 2.22.2 |
Bugzilla | Mozilla | 2.22.3 | 2.22.3 |
Bugzilla | Mozilla | 2.22.4 | 2.22.4 |
Bugzilla | Mozilla | 2.22.5 | 2.22.5 |
Bugzilla | Mozilla | 2.22.6 | 2.22.6 |
Bugzilla | Mozilla | 3.0.0 | 3.0.0 |
Bugzilla | Mozilla | 3.0.1 | 3.0.1 |
Bugzilla | Mozilla | 3.0.2 | 3.0.2 |
Bugzilla | Mozilla | 3.0.3 | 3.0.3 |
Bugzilla | Mozilla | 3.0.4 | 3.0.4 |
Bugzilla | Mozilla | 3.0.5 | 3.0.5 |
Bugzilla | Mozilla | 3.0.6 | 3.0.6 |
Bugzilla | Mozilla | 3.2 | 3.2 |
Bugzilla | Mozilla | 3.3.1 | 3.3.1 |
Bugzilla | Ubuntu | dapper | * |
Bugzilla | Ubuntu | gutsy | * |
Bugzilla | Ubuntu | hardy | * |
Bugzilla | Ubuntu | intrepid | * |
Bugzilla | Ubuntu | jaunty | * |
Bugzilla | Ubuntu | upstream | * |