Security News > 2015 > September > Critical Bugzilla flaw allows access to unpatched vulnerability information (Help Net Security)
2015-09-18 08:46
Mozilla has patched a critical vulnerability (CVE-2015-4499) in its popular open source bug-tracking Bugzilla software - a vulnerability that can be exploited by attackers to gain access to informatio...
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/buq1krkpU5M/secworld.php
Related news
- Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability (source)
- Still Using an Older Version of iOS or iPadOS? Update Now to Patch These Critical Security Vulnerabilities (source)
- Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability (source)
- Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence (source)
- Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution (source)
- Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) (source)
- Majority of Browser Extensions Pose Critical Security Risk, A New Report Reveals (source)
- ThreatLocker Patch Management: A Security-First Approach to Closing Vulnerability Windows (source)
- Critical Windows Server 2025 dMSA Vulnerability Enables Active Directory Compromise (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-09-14 | CVE-2015-4499 | Improper Input Validation vulnerability in Mozilla Bugzilla Util.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.15, 4.3.x and 4.4.x before 4.4.10, and 5.x before 5.0.1 mishandles long e-mail addresses during account registration, which allows remote attackers to obtain the default privileges for an arbitrary domain name by placing that name in a substring of an address, as demonstrated by truncation of an @mozilla.com.example.com address to an @mozilla.com address. | 0.0 |