email_in.pl in Bugzilla 2.23.4, 3.0.x prior to 3.0.4, and 3.1.x prior to 3.1.4 allows remote authenticated users to more easily spoof the changer of a bug via a @reporter command in the body of an e-mail message, which overrides the e-mail address as normally obtained from the From e-mail header. NOTE: since From headers are easily spoofed, this only crosses privilege boundaries in environments that provide additional verification of e-mail addresses.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla bugzilla 2.10 |
||
mozilla bugzilla 2.12 |
||
mozilla bugzilla 2.14.4 |
||
mozilla bugzilla 2.14.5 |
||
mozilla bugzilla 2.16.5 |
||
mozilla bugzilla 2.16.6 |
||
mozilla bugzilla 2.17.3 |
||
mozilla bugzilla 2.17.4 |
||
mozilla bugzilla 2.18.4 |
||
mozilla bugzilla 2.18.5 |
||
mozilla bugzilla 2.19.3 |
||
mozilla bugzilla 2.20.1 |
||
mozilla bugzilla 2.21.1 |
||
mozilla bugzilla 2.21.2 |
||
mozilla bugzilla 2.23 |
||
mozilla bugzilla 2.23.1 |
||
mozilla bugzilla 3.0.0 |
||
mozilla bugzilla 3.0.1 |
||
mozilla bugzilla 2.14 |
||
mozilla bugzilla 2.14.1 |
||
mozilla bugzilla 2.16.11 |
||
mozilla bugzilla 2.16.2 |
||
mozilla bugzilla 2.16.9 |
||
mozilla bugzilla 2.16 |
||
mozilla bugzilla 2.17.7 |
||
mozilla bugzilla 2.18.1 |
||
mozilla bugzilla 2.18 |
||
mozilla bugzilla 2.20.4 |
||
mozilla bugzilla 2.20.5 |
||
mozilla bugzilla 2.20.6 |
||
mozilla bugzilla 2.22.2 |
||
mozilla bugzilla 2.22.3 |
||
mozilla bugzilla 2.23.4 |
||
mozilla bugzilla 2.4 |
||
mozilla bugzilla 3.1.2 |
||
mozilla bugzilla 2.16.1 |
||
mozilla bugzilla 2.16.10 |
||
mozilla bugzilla 2.16.7 |
||
mozilla bugzilla 2.16.8 |
||
mozilla bugzilla 2.17.5 |
||
mozilla bugzilla 2.17.6 |
||
mozilla bugzilla 2.18.6 |
||
mozilla bugzilla 2.20.2 |
||
mozilla bugzilla 2.20.3 |
||
mozilla bugzilla 2.22 |
||
mozilla bugzilla 2.22.1 |
||
mozilla bugzilla 2.23.2 |
||
mozilla bugzilla 2.23.3 |
||
mozilla bugzilla 3.0.2 |
||
mozilla bugzilla 3.1.0 |
||
mozilla bugzilla 3.1.1 |
||
mozilla bugzilla 2.14.2 |
||
mozilla bugzilla 2.14.3 |
||
mozilla bugzilla 2.16.3 |
||
mozilla bugzilla 2.16.4 |
||
mozilla bugzilla 2.16_rc2 |
||
mozilla bugzilla 2.17.1 |
||
mozilla bugzilla 2.17.2 |
||
mozilla bugzilla 2.18.2 |
||
mozilla bugzilla 2.18.3 |
||
mozilla bugzilla 2.19.1 |
||
mozilla bugzilla 2.19.2 |
||
mozilla bugzilla 2.20 |
||
mozilla bugzilla 2.22.4 |
||
mozilla bugzilla 2.6 |
||
mozilla bugzilla 2.8 |