Published: 09/02/2009 Updated: 25/03/2009

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

VMScore: 516

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.22 prior to 2.22.7, 3.0 prior to 3.0.7, 3.2 prior to 3.2.1, and 3.3 prior to 3.3.2 allows remote malicious users to delete keywords and user preferences via a link or IMG tag to (1) editkeywords.cgi or (2) userprefs.cgi.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla bugzilla 2.14.5
mozilla bugzilla 2.14.2
mozilla bugzilla 2.16.6
mozilla bugzilla 2.16.11
mozilla bugzilla 2.17.3
mozilla bugzilla 2.17.4
mozilla bugzilla 2.18.1
mozilla bugzilla 2.18.6
mozilla bugzilla 2.18.8
mozilla bugzilla 2.18.7
mozilla bugzilla 2.18
mozilla bugzilla 2.19.3
mozilla bugzilla 2.20.1
mozilla bugzilla 2.20.5
mozilla bugzilla 2.21.2
mozilla bugzilla 2.22.4
mozilla bugzilla 2.22
mozilla bugzilla 3.0.5
mozilla bugzilla 3.0.6
mozilla bugzilla 2.10
mozilla bugzilla 2.16
mozilla bugzilla 2.16.4
mozilla bugzilla 2.16.7
mozilla bugzilla 2.17.2
mozilla bugzilla 2.16_rc2
mozilla bugzilla 2.17
mozilla bugzilla 2.17.1
mozilla bugzilla 2.17.7
mozilla bugzilla 2.19.2
mozilla bugzilla 2.20
mozilla bugzilla 2.20.6
mozilla bugzilla 2.22.1
mozilla bugzilla 2.22.2
mozilla bugzilla 2.22.3
mozilla bugzilla 3.0.3
mozilla bugzilla 3.0.4
mozilla bugzilla 2.14.1
mozilla bugzilla 2.14.4
mozilla bugzilla 2.16.10
mozilla bugzilla 2.16.3
mozilla bugzilla 2.16.2
mozilla bugzilla 2.17.5
mozilla bugzilla 2.18.2
mozilla bugzilla 2.18.4
mozilla bugzilla 2.19
mozilla bugzilla 2.19.1
mozilla bugzilla 2.18.9
mozilla bugzilla 2.21
mozilla bugzilla 2.20.4
mozilla bugzilla 2.22.5
mozilla bugzilla 3.0.0
mozilla bugzilla 2.22.6
mozilla bugzilla 3.2
mozilla bugzilla 2.12
mozilla bugzilla 2.14
mozilla bugzilla 2.14.3
mozilla bugzilla 2.16.5
mozilla bugzilla 2.16.1
mozilla bugzilla 2.16.8
mozilla bugzilla 2.17.6
mozilla bugzilla 2.16.9
mozilla bugzilla 2.18.3
mozilla bugzilla 2.18.5
mozilla bugzilla 2.20.2
mozilla bugzilla 2.20.3
mozilla bugzilla 2.21.1
mozilla bugzilla 3.0.1
mozilla bugzilla 3.0.2
mozilla bugzilla 3.3.1

CWE-352 http://www.bugzilla.org/security/2.22.6/https://bugzilla.mozilla.org/show_bug.cgi?id=466692 https://bugzilla.mozilla.org/show_bug.cgi?id=472362 http://www.securityfocus.com/bid/33580 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00664.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00687.html http://secunia.com/advisories/34361 https://nvd.nist.gov

Get Started

CVE-2009-0483

Vulnerability Summary

References

Vulmon Search

About

Products

Connect