Security News > 2015 > September > Critical Bugzilla flaw allows access to unpatched vulnerability information (Help Net Security)
2015-09-18 08:46
Mozilla has patched a critical vulnerability (CVE-2015-4499) in its popular open source bug-tracking Bugzilla software - a vulnerability that can be exploited by attackers to gain access to informatio...
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/buq1krkpU5M/secworld.php
Related news
- Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw (source)
- Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score (source)
- Don't Overlook These 6 Critical Okta Security Configurations (source)
- Citrix Releases Security Fix for NetScaler Console Privilege Escalation Vulnerability (source)
- 89% of Enterprise GenAI Usage Is Invisible to Organizations Exposing Critical Security Risks, New Report Reveals (source)
- Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-09-14 | CVE-2015-4499 | Improper Input Validation vulnerability in Mozilla Bugzilla Util.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.15, 4.3.x and 4.4.x before 4.4.10, and 5.x before 5.0.1 mishandles long e-mail addresses during account registration, which allows remote attackers to obtain the default privileges for an arbitrary domain name by placing that name in a substring of an address, as demonstrated by truncation of an @mozilla.com.example.com address to an @mozilla.com address. | 0.0 |