Arbitrary Command Execution in Bugzilla Products by Mozilla
CVE-2014-8630

Currently unrated

Key Information:

Vendor

Mozilla
Status
Bugzilla
Vendor
CVE Published:
1 February 2015

What is CVE-2014-8630?

A vulnerability in Bugzilla allows remote authenticated users to execute arbitrary commands by exploiting the editcomponents privilege. Malicious actors can manipulate input to a two-argument Perl open call, leading to serious security risks. Specific versions of Bugzilla are vulnerable, and it is critical for users to update to secure versions to protect against potential abuses.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://advisories.mageia.org/MGASA-2015-0048.html
x_refsource_CONFIRM
https://bugzilla.mozilla.org/show_bug.cgi?id=1079065
x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce...
vendor-advisoryx_refsource_FEDORA

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.