CVE-2013-0785

Currently unrated

Key Information:

Vendor: Mozilla
Status: Bugzilla
Vendor: CVE Published:; 24 February 2013

Summary

Cross-site scripting (XSS) vulnerability in show_bug.cgi in Bugzilla before 3.6.13, 3.7.x and 4.0.x before 4.0.10, 4.1.x and 4.2.x before 4.2.5, and 4.3.x and 4.4.x before 4.4rc2 allows remote attackers to inject arbitrary web script or HTML via the id parameter in conjunction with an invalid value of the format parameter.

References

http://www.mandriva.com/security/advisories?name=MDVSA-20...

vendor-advisoryx_refsource_MANDRIVA

https://bugzilla.mozilla.org/show_bug.cgi?id=842038

x_refsource_CONFIRM

http://www.bugzilla.org/security/3.6.12/

x_refsource_CONFIRM

Timeline

Vulnerability published
Feb 24, 2013
Vulnerability Reserved
Jan 2, 2013