CVE-2014-8630

Currently unrated

Key Information:

Vendor: Mozilla
Status: Bugzilla
Vendor: CVE Published:; 1 February 2015

Summary

Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the editcomponents privilege and triggering crafted input to a two-argument Perl open call, as demonstrated by shell metacharacters in a product name.

References

http://advisories.mageia.org/MGASA-2015-0048.html

x_refsource_CONFIRM

https://bugzilla.mozilla.org/show_bug.cgi?id=1079065

x_refsource_CONFIRM

http://lists.fedoraproject.org/pipermail/package-announce...

vendor-advisoryx_refsource_FEDORA

Timeline

Vulnerability published
Feb 1, 2015
Vulnerability Reserved
Nov 6, 2014