Cross-Site Request Forgery Vulnerability in Bugzilla by Mozilla
CVE-2013-1734

Currently unrated

Key Information:

Vendor: Mozilla
Status: Bugzilla
Vendor: CVE Published:; 24 October 2013

What is CVE-2013-1734?

A cross-site request forgery vulnerability exists in Bugzilla's attachment management that permits remote attackers to execute unauthorized requests, effectively hijacking the authentication of users performing actions that modify attachments. This flaw affects multiple versions of Bugzilla, allowing attackers to manipulate attachment changes without the legitimate user's consent, posing a significant security risk for all impacted installations.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=913904

x_refsource_CONFIRM

http://www.bugzilla.org/security/4.0.10/

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Oct 24, 2013