CVE-2014-1546
Bugzilla 3.x-4.0.13, 4.1.x-4.2.9, 4.3.x-4.4.4, 4.5.x-4.5.4 - Cross-Site Request Forgery via JSONP Callback
The response function in the JSONP endpoint in WebService/Server/JSONRPC.pm in jsonrpc.cgi in Bugzilla 3.x and 4.x before 4.0.14, 4.1.x and 4.2.x before 4.2.10, 4.3.x and 4.4.x before 4.4.5, and 4.5.x before 4.5.5 accepts certain long callback values and does not restrict the initial bytes of a JSONP response, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted OBJECT element with SWF content consistent with the _bz_callback character set.
References (7)
Third Party Advisory, VDB Entry (mailing-list, x_refsource_bugtraq): http://www.securityfocus.com/archive/1/532895
Vendor Advisory (x_refsource_confirm): https://bugzilla.mozilla.org/show_bug.cgi?id=1036213
Mailing List, Third Party Advisory (vendor-advisory, x_refsource_fedora): http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136369.html
Third Party Advisory (x_refsource_confirm): http://advisories.mageia.org/MGASA-2014-0349.html
Vendor Advisory (vendor-advisory, x_refsource_mandriva): http://www.mandriva.com/security/advisories?name=MDVSA-2014:169
Mailing List, Third Party Advisory (vendor-advisory, x_refsource_fedora): http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136217.html
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_sectrack): http://www.securitytracker.com/id/1030648
Scores
EPSS: 0.0022 (EPSS percentile: 44.9%)
Details
CWE: CWE-352
Status: published
Products (46)
mozilla/bugzilla: 3.0 (2 CPE variants), 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, ... and 36 more
Published: Aug 14, 2014
Tracked Since: Feb 18, 2026