CVE-2015-4499

Currently unrated

Key Information:

Vendor: Mozilla
Status: Bugzilla
Vendor: CVE Published:; 14 September 2015

Summary

Util.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.15, 4.3.x and 4.4.x before 4.4.10, and 5.x before 5.0.1 mishandles long e-mail addresses during account registration, which allows remote attackers to obtain the default privileges for an arbitrary domain name by placing that name in a substring of an address, as demonstrated by truncation of an @mozilla.com.example.com address to an @mozilla.com address.

References

http://lists.fedoraproject.org/pipermail/package-announce...

vendor-advisoryx_refsource_FEDORA

http://www.securitytracker.com/id/1033542

vdb-entryx_refsource_SECTRACK

http://seclists.org/bugtraq/2015/Sep/48

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Sep 14, 2015
Vulnerability Reserved
Jun 10, 2015