CVE-2011-3669
Bugzilla 2.x-4.x - Cross-Site Request Forgery via Attachment Upload
Title source: llmDescription
Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2rc1 allows remote attackers to hijack the authentication of arbitrary users for requests that upload attachments.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=703983
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/47368
Exploit x_refsource_confirm
http://www.bugzilla.org/security/3.4.12/
Scores
EPSS
0.0095
EPSS Percentile
56.9%
Details
CWE
CWE-352
Status
published
Products (45)
mozilla/bugzilla
2.0
mozilla/bugzilla
2.2
mozilla/bugzilla
2.4
mozilla/bugzilla
2.6
mozilla/bugzilla
2.8
mozilla/bugzilla
2.9
mozilla/bugzilla
2.10
mozilla/bugzilla
2.12
mozilla/bugzilla
2.14
mozilla/bugzilla
2.14.1
... and 35 more
Published
Jan 02, 2012
Tracked Since
Feb 18, 2026