Insecure Error Handling in Bugzilla by Mozilla
CVE-2013-0786

Currently unrated

Key Information:

Vendor

Mozilla
Status
Bugzilla
Vendor
CVE Published:
24 February 2013

What is CVE-2013-0786?

The vulnerability in Bugzilla arises from the Bugzilla::Search::build_subselect function, which generates inconsistent error messages for invalid product queries based on product existence. This inconsistency can be exploited by remote attackers to discern private product names when the application runs in debug mode, exposing sensitive information that could aid in further attacks or reconnaissance efforts.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.mandriva.com/security/advisories?name=MDVSA-20...
vendor-advisoryx_refsource_MANDRIVA
https://bugzilla.mozilla.org/show_bug.cgi?id=824399
x_refsource_CONFIRM
http://www.bugzilla.org/security/3.6.12/
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.