Cross-site request forgery (CSRF) vulnerability in jsonrpc.cgi in Bugzilla 3.5.x and 3.6.x prior to 3.6.8, 3.7.x and 4.0.x prior to 4.0.4, and 4.1.x and 4.2.x prior to 4.2rc2 allows remote malicious users to hijack the authentication of arbitrary users for requests that use the JSON-RPC API.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla bugzilla 3.6.7 |
||
mozilla bugzilla 3.6.3 |
||
mozilla bugzilla 3.6 |
||
mozilla bugzilla 3.6.5 |
||
mozilla bugzilla 3.6.6 |
||
mozilla bugzilla 3.6.1 |
||
mozilla bugzilla 3.6.0 |
||
mozilla bugzilla 3.6.2 |
||
mozilla bugzilla 3.6.4 |
||
mozilla bugzilla 3.7.3 |
||
mozilla bugzilla 3.7 |
||
mozilla bugzilla 3.7.1 |
||
mozilla bugzilla 3.7.2 |
||
mozilla bugzilla 4.0.1 |
||
mozilla bugzilla 4.0 |
||
mozilla bugzilla 4.0.2 |
||
mozilla bugzilla 4.0.3 |
||
mozilla bugzilla 3.5.2 |
||
mozilla bugzilla 3.5.3 |
||
mozilla bugzilla 3.5.1 |
||
mozilla bugzilla 3.5 |
||
mozilla bugzilla 4.1 |
||
mozilla bugzilla 4.1.2 |
||
mozilla bugzilla 4.1.3 |
||
mozilla bugzilla 4.1.1 |
||
mozilla bugzilla 4.2 |