Arbitrary Command Execution in Bugzilla Products by Mozilla
CVE-2014-8630

Currently unrated

Key Information:

Vendor: Mozilla

CVE Published: 1 February 2015

What is CVE-2014-8630?

A vulnerability in Bugzilla allows remote authenticated users to execute arbitrary commands by exploiting the editcomponents privilege. Malicious actors can manipulate input to a two-argument Perl open call, leading to serious security risks. Specific versions of Bugzilla are vulnerable, and it is critical for users to update to secure versions to protect against potential abuses.
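
The difference between two-argument and three-argument open, shown as an added example that is not Bugzilla's own code. The sub names and the sample input are constructed for illustration, and a Unix-like system with an `echo` command is assumed.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Unsafe form: two-argument open. Perl parses the open mode out of the
# string itself, so a leading '<', '>' or '>>', or a leading or trailing
# '|', in $name changes what open() does. With a '|' the string is run
# as a command instead of being opened as a file.
sub read_first_line_2arg {
    my ($name) = @_;
    open(my $fh, $name) or return "open failed: $!\n";
    my $line = <$fh>;
    close $fh;
    return defined $line ? $line : "(empty)\n";
}

# Hardened form: three-argument open. The mode is a separate literal, so
# $name is only ever treated as a path, whatever characters it contains.
sub read_first_line_3arg {
    my ($name) = @_;
    open(my $fh, '<', $name) or return "open failed: $!\n";
    my $line = <$fh>;
    close $fh;
    return defined $line ? $line : "(empty)\n";
}

# Constructed value standing in for input that reaches open() from a
# user-editable field; the command is a harmless echo.
my $input = 'echo RAN-AS-COMMAND |';

print '2-arg open: ', read_first_line_2arg($input);
print '3-arg open: ', read_first_line_3arg($input);
```

When auditing Perl code for this class of bug, every `open` call with only two arguments whose second argument is not a constant deserves review.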
