Cross-Site Request Forgery Vulnerability in Bugzilla JSONRPC Endpoint
CVE-2014-1546

Currently unrated

Key Information:

Vendor

Mozilla
Status
Bugzilla
Vendor
CVE Published:
14 August 2014

What is CVE-2014-1546?

The JSONP endpoint in Bugzilla's WebService/Server allows attackers to exploit the response function due to insufficient restrictions on long callback values. This weakness can lead to cross-site request forgery, enabling remote attackers to craft OBJECT elements containing SWF content that bypasses security measures. This results in the unintended exposure of sensitive user information, posing a significant risk to the integrity and confidentiality of data within Bugzilla installations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/archive/1/532895
mailing-listx_refsource_BUGTRAQ
https://bugzilla.mozilla.org/show_bug.cgi?id=1036213
x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce...
vendor-advisoryx_refsource_FEDORA

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.