Cross-Site Request Forgery in Bugzilla by Mozilla
CVE-2013-1733

Currently unrated

Key Information:

Vendor: Mozilla
Status: Bugzilla
Vendor: CVE Published:; 24 October 2013

What is CVE-2013-1733?

A Cross-Site Request Forgery (CSRF) vulnerability exists in the process_bug.cgi component of Bugzilla versions prior to 4.4.1. This flaw allows remote attackers to exploit the midair-collision token vulnerability to hijack the authentication process of users, facilitating unauthorized modification of bug entries. Attackers could manipulate user requests without their consent, impacting the integrity of bug tracking operations.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=911593

x_refsource_CONFIRM

http://www.bugzilla.org/security/4.0.10/

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Oct 24, 2013