Security News > 2015 > September > Critical Bugzilla flaw allows access to unpatched vulnerability information (Help Net Security)
2015-09-18 08:46
Mozilla has patched a critical vulnerability (CVE-2015-4499) in its popular open source bug-tracking Bugzilla software - a vulnerability that can be exploited by attackers to gain access to informatio...
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/buq1krkpU5M/secworld.php
Related news
- Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) (source)
- Two simple give-me-control security bugs found in Optigo network switches used in critical manufacturing (source)
- Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches (source)
- Experts Warn of Critical Unpatched Vulnerability in Linear eMerge E3 Systems (source)
- New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution (source)
- Critical Veeam Vulnerability Exploited to Spread Akira and Fog Ransomware (source)
- Critical Kubernetes Image Builder Vulnerability Exposes Nodes to Root Access Risk (source)
- Fortinet releases patches for undisclosed critical FortiManager vulnerability (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-09-14 | CVE-2015-4499 | Improper Input Validation vulnerability in Mozilla Bugzilla Util.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.15, 4.3.x and 4.4.x before 4.4.10, and 5.x before 5.0.1 mishandles long e-mail addresses during account registration, which allows remote attackers to obtain the default privileges for an arbitrary domain name by placing that name in a substring of an address, as demonstrated by truncation of an @mozilla.com.example.com address to an @mozilla.com address. | 0.0 |