Email Address Parsing Flaw in Bugzilla by Mozilla
CVE-2015-4499

Currently unrated

Key Information:

Vendor: Mozilla
Status: Bugzilla
Vendor: CVE Published:; 14 September 2015

What is CVE-2015-4499?

A flaw in Bugzilla's handling of long email addresses during the account registration process allows attackers to exploit this vulnerability. By manipulating the structure of an email address, such as truncating it incorrectly, an attacker could potentially obtain access to default privileges associated with arbitrary domain names. This issue affects multiple versions of Bugzilla, emphasizing the need for timely updates to secure user accounts from unauthorized access.

References

http://lists.fedoraproject.org/pipermail/package-announce...

vendor-advisoryx_refsource_FEDORA

http://www.securitytracker.com/id/1033542

vdb-entryx_refsource_SECTRACK

http://seclists.org/bugtraq/2015/Sep/48

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Sep 14, 2015
Vulnerability Reserved
Jun 10, 2015