Published: 16/08/2010 Updated: 08/09/2010

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Search.pm in Bugzilla 2.19.1 up to and including 3.2.7, 3.3.1 up to and including 3.4.7, 3.5.1 up to and including 3.6.1, and 3.7 up to and including 3.7.2 allows remote malicious users to determine the group memberships of arbitrary users via vectors involving the Search interface, boolean charts, and group-based pronouns.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla bugzilla 2.19.1
mozilla bugzilla 2.20.4
mozilla bugzilla 2.20.5
mozilla bugzilla 2.21.2
mozilla bugzilla 2.22
mozilla bugzilla 2.23
mozilla bugzilla 2.9
mozilla bugzilla 3.0
mozilla bugzilla 3.0.4
mozilla bugzilla 3.0.5
mozilla bugzilla 3.1.1
mozilla bugzilla 3.2.5
mozilla bugzilla 3.2.4
mozilla bugzilla 3.2.7
mozilla bugzilla 3.3.1
mozilla bugzilla 3.4.4
mozilla bugzilla 3.4.5
mozilla bugzilla 3.7
mozilla bugzilla 3.7.1
mozilla bugzilla 2.20.2
mozilla bugzilla 2.20.3
mozilla bugzilla 2.21
mozilla bugzilla 2.21.1
mozilla bugzilla 2.22.6
mozilla bugzilla 2.22.7
mozilla bugzilla 2.6
mozilla bugzilla 2.19.2
mozilla bugzilla 2.19.3
mozilla bugzilla 2.20.6
mozilla bugzilla 2.20.7
mozilla bugzilla 2.22.1
mozilla bugzilla 2.22.3
mozilla bugzilla 2.23.1
mozilla bugzilla 2.23.2
mozilla bugzilla 2.23.3
mozilla bugzilla 3.0.0
mozilla bugzilla 3.0.1
mozilla bugzilla 3.0.6
mozilla bugzilla 3.0.7
mozilla bugzilla 3.2.3
mozilla bugzilla 3.2.2
mozilla bugzilla 3.3.2
mozilla bugzilla 3.3.3
mozilla bugzilla 3.4.6
mozilla bugzilla 3.4.7
mozilla bugzilla 3.7.2
mozilla bugzilla 2.8
mozilla bugzilla 3.0.2
mozilla bugzilla 3.0.3
mozilla bugzilla 3.1.0
mozilla bugzilla 3.1.3
mozilla bugzilla 3.2.6
mozilla bugzilla 3.4.2
mozilla bugzilla 3.4.3
mozilla bugzilla 3.5.3
mozilla bugzilla 3.6
mozilla bugzilla 3.6.1
mozilla bugzilla 2.2
mozilla bugzilla 2.20
mozilla bugzilla 2.20.1
mozilla bugzilla 2.22.4
mozilla bugzilla 2.22.5
mozilla bugzilla 2.23.4
mozilla bugzilla 2.4
mozilla bugzilla 3.0.10
mozilla bugzilla 3.0.11
mozilla bugzilla 3.0.8
mozilla bugzilla 3.0.9
mozilla bugzilla 3.2
mozilla bugzilla 3.1.2
mozilla bugzilla 3.3.4
mozilla bugzilla 3.4.1
mozilla bugzilla 3.5.1
mozilla bugzilla 3.5.2

CWE-264 http://www.bugzilla.org/security/3.2.7/https://bugzilla.redhat.com/show_bug.cgi?id=623423 http://secunia.com/advisories/40892 http://www.vupen.com/english/advisories/2010/2035 https://bugzilla.mozilla.org/show_bug.cgi?id=417048 http://www.securityfocus.com/bid/42275 http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046546.html http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046534.html http://www.vupen.com/english/advisories/2010/2205 http://secunia.com/advisories/41128 https://nvd.nist.gov

Get Started

CVE-2010-2756

Vulnerability Summary

References

Vulmon Search

About

Products

Connect