Cross-Site Request Forgery Vulnerability in Bugzilla JSONRPC Endpoint
CVE-2014-1546
Currently unrated
What is CVE-2014-1546?
The response function of the JSONP endpoint in Bugzilla's WebService/Server does not sufficiently restrict long callback values. This weakness can lead to cross-site request forgery: a remote attacker can craft an OBJECT element containing SWF content that bypasses security measures. The result is unintended exposure of sensitive user information, which poses a significant risk to the integrity and confidentiality of data within Bugzilla installations.
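The following is an added example, not Bugzilla's code or its patch: a JSONP response builder in Python showing the weak pattern described above beside a hardened form that caps callback length, restricts the callback to a dotted identifier, and keeps caller-chosen bytes out of the start of the response. The function names, the 64-character limit and the header choices are assumptions made for illustration.

```python
import json
import re

# Assumed policy values for this example; they are not taken from Bugzilla.
MAX_CALLBACK_LEN = 64
CALLBACK_RE = re.compile(
    r"[A-Za-z_$][A-Za-z0-9_$]*(?:\.[A-Za-z_$][A-Za-z0-9_$]*)*"
)


def jsonp_weak(callback, payload):
    """Weak form: the caller's callback, of any length, opens the response body."""
    return f"{callback}({json.dumps(payload)})"


def jsonp_hardened(callback, payload):
    """Return (headers, body); raise ValueError for an unacceptable callback."""
    # Long callback values are the condition the advisory names, so cap them.
    if not isinstance(callback, str) or not 0 < len(callback) <= MAX_CALLBACK_LEN:
        raise ValueError("callback missing or too long")
    # Accept only a dotted JavaScript identifier such as "handleBugs" or "ns.cb".
    if not CALLBACK_RE.fullmatch(callback):
        raise ValueError("callback is not a dotted JavaScript identifier")
    # json.dumps escapes non-ASCII by default; also escape "<" for script contexts.
    data = json.dumps(payload).replace("<", "\\u003c")
    headers = {
        "Content-Type": "application/javascript; charset=utf-8",
        # Tell the browser not to reinterpret the body as another content type.
        "X-Content-Type-Options": "nosniff",
    }
    # A fixed comment prefix means the body never begins with caller-supplied
    # bytes, so it cannot be parsed as a file format chosen by the caller.
    return headers, f"/**/{callback}({data});"


if __name__ == "__main__":
    # Constructed sample input.
    print(jsonp_hardened("handleBugs", {"id": 1, "summary": "demo"})[1])
    try:
        jsonp_hardened("A" * 500, {})
    except ValueError as exc:
        print("rejected:", exc)
```

Restricting the character set alone is not sufficient for this class of issue, which is why the length cap and the fixed prefix are applied as well.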