fkie_cve-2014-1546
Vulnerability from fkie_nvd
Published
2014-08-14 11:15
Modified
2025-04-12 10:46
Severity ?
Summary
The response function in the JSONP endpoint in WebService/Server/JSONRPC.pm in jsonrpc.cgi in Bugzilla 3.x and 4.x before 4.0.14, 4.1.x and 4.2.x before 4.2.10, 4.3.x and 4.4.x before 4.4.5, and 4.5.x before 4.5.5 accepts certain long callback values and does not restrict the initial bytes of a JSONP response, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted OBJECT element with SWF content consistent with the _bz_callback character set.
References
security@mozilla.orghttp://advisories.mageia.org/MGASA-2014-0349.html
security@mozilla.orghttp://lists.fedoraproject.org/pipermail/package-announce/2014-August/136217.html
security@mozilla.orghttp://lists.fedoraproject.org/pipermail/package-announce/2014-August/136369.html
security@mozilla.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2014:169
security@mozilla.orghttp://www.securityfocus.com/archive/1/532895
security@mozilla.orghttp://www.securitytracker.com/id/1030648
security@mozilla.orghttps://bugzilla.mozilla.org/show_bug.cgi?id=1036213Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://advisories.mageia.org/MGASA-2014-0349.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136217.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136369.html
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2014:169
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/532895
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1030648
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.mozilla.org/show_bug.cgi?id=1036213Vendor Advisory
Impacted products
Vendor Product Version
mozilla bugzilla 3.0
mozilla bugzilla 3.0
mozilla bugzilla 3.0.0
mozilla bugzilla 3.0.1
mozilla bugzilla 3.0.2
mozilla bugzilla 3.0.3
mozilla bugzilla 3.0.4
mozilla bugzilla 3.0.5
mozilla bugzilla 3.0.6
mozilla bugzilla 3.0.7
mozilla bugzilla 3.0.8
mozilla bugzilla 3.0.9
mozilla bugzilla 3.0.10
mozilla bugzilla 3.0.11
mozilla bugzilla 3.1.0
mozilla bugzilla 3.1.1
mozilla bugzilla 3.1.2
mozilla bugzilla 3.1.3
mozilla bugzilla 3.1.4
mozilla bugzilla 3.2
mozilla bugzilla 3.2
mozilla bugzilla 3.2
mozilla bugzilla 3.2.1
mozilla bugzilla 3.2.2
mozilla bugzilla 3.2.3
mozilla bugzilla 3.2.4
mozilla bugzilla 3.2.5
mozilla bugzilla 3.2.6
mozilla bugzilla 3.2.7
mozilla bugzilla 3.2.8
mozilla bugzilla 3.2.9
mozilla bugzilla 3.2.10
mozilla bugzilla 3.3
mozilla bugzilla 3.3.1
mozilla bugzilla 3.3.2
mozilla bugzilla 3.3.3
mozilla bugzilla 3.3.4
mozilla bugzilla 3.4
mozilla bugzilla 3.4
mozilla bugzilla 3.4.1
mozilla bugzilla 3.4.2
mozilla bugzilla 3.4.3
mozilla bugzilla 3.4.4
mozilla bugzilla 3.4.5
mozilla bugzilla 3.4.6
mozilla bugzilla 3.4.7
mozilla bugzilla 3.4.8
mozilla bugzilla 3.4.9
mozilla bugzilla 3.4.10
mozilla bugzilla 3.4.11
mozilla bugzilla 3.4.12
mozilla bugzilla 3.4.13
mozilla bugzilla 3.5
mozilla bugzilla 3.5.1
mozilla bugzilla 3.5.2
mozilla bugzilla 3.5.3
mozilla bugzilla 3.6
mozilla bugzilla 3.6
mozilla bugzilla 3.6.0
mozilla bugzilla 3.6.1
mozilla bugzilla 3.6.2
mozilla bugzilla 3.6.3
mozilla bugzilla 3.6.4
mozilla bugzilla 3.6.5
mozilla bugzilla 3.6.6
mozilla bugzilla 3.6.7
mozilla bugzilla 3.6.8
mozilla bugzilla 3.6.9
mozilla bugzilla 3.6.10
mozilla bugzilla 3.6.11
mozilla bugzilla 3.6.12
mozilla bugzilla 3.6.13
mozilla bugzilla 3.7
mozilla bugzilla 3.7.1
mozilla bugzilla 3.7.2
mozilla bugzilla 3.7.3
mozilla bugzilla 4.0
mozilla bugzilla 4.0
mozilla bugzilla 4.0
mozilla bugzilla 4.0.1
mozilla bugzilla 4.0.2
mozilla bugzilla 4.0.3
mozilla bugzilla 4.0.4
mozilla bugzilla 4.0.5
mozilla bugzilla 4.0.6
mozilla bugzilla 4.0.7
mozilla bugzilla 4.0.8
mozilla bugzilla 4.0.9
mozilla bugzilla 4.0.10
mozilla bugzilla 4.0.11
mozilla bugzilla 4.0.12
mozilla bugzilla 4.0.13
mozilla bugzilla 4.1
mozilla bugzilla 4.1.1
mozilla bugzilla 4.1.2
mozilla bugzilla 4.1.3
mozilla bugzilla 4.2
mozilla bugzilla 4.2
mozilla bugzilla 4.2
mozilla bugzilla 4.2.1
mozilla bugzilla 4.2.2
mozilla bugzilla 4.2.3
mozilla bugzilla 4.2.4
mozilla bugzilla 4.2.5
mozilla bugzilla 4.2.6
mozilla bugzilla 4.2.7
mozilla bugzilla 4.2.8
mozilla bugzilla 4.2.9
mozilla bugzilla 4.3
mozilla bugzilla 4.3.1
mozilla bugzilla 4.3.2
mozilla bugzilla 4.3.3
mozilla bugzilla 4.4
mozilla bugzilla 4.4
mozilla bugzilla 4.4
mozilla bugzilla 4.4.1
mozilla bugzilla 4.4.2
mozilla bugzilla 4.4.3
mozilla bugzilla 4.4.4
mozilla bugzilla 4.5
mozilla bugzilla 4.5.1
mozilla bugzilla 4.5.2
mozilla bugzilla 4.5.3
mozilla bugzilla 4.5.4


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4D9F54A-15A7-4899-B695-D9D8B96C4A9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "BD56D9C0-38C6-4679-8104-1A0B88B71C0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "45C36666-518F-4956-816A-940930425955",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF2DF96F-E45E-45AF-85E5-E939F923EC1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "80EBAA09-F2C8-445E-8E3A-B5F937E1B1E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "11C6713F-01ED-4AE9-AE42-89926067E6E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AB5010D-37A3-4B6E-92B6-6F41A3708851",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEB09719-122F-4D25-B680-18029D5D9DE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF585D92-9FAF-4858-A956-68AF77227333",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BA67823-C9D9-4C5B-A4ED-669E6F1851C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB0F7531-A660-4604-80BD-15B01E2916BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6FE6868-BB9F-4EB8-9E37-3438559CB01B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EC90352-C94A-4F47-AFB7-713B547373CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5E77E01-D779-482A-9FAC-4AC210B68771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "154EA18F-534C-4095-837D-BB9865D25F23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "585F05F2-B294-4218-9209-C487B4D2994B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3246890-8D66-474F-AC9C-BC556426467D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7090332F-4CC2-4ADD-AEEC-75238BCA55CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F960BE59-05B1-4438-A854-279612E13A7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F248EA4D-1A39-40FD-8D3C-9701D36FD6B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.2:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "170EB43B-9488-4E25-9401-B84DE838247B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.2:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B1ED7682-A315-4F92-9F9F-38290BCC058E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "14B5A433-526F-436E-9FCD-B71E661180FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "48EDC5BC-AD4B-4E67-B79C-F44292307AB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FEC62B7-2CAA-4A0D-A9B2-B4A6B105A6F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B4A7A67-1355-4648-B8C9-3231BED96547",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "442AB3EE-61DF-4B25-ABEB-55905C01E376",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F825E34-D529-4ADC-A7D6-1BD9DAE86FC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1F92D0C-AF71-4FD3-BC4B-C6D0F1F84F9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBC26020-BFD7-493B-BDE2-1EC8DEA1A6DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "984463B4-00A8-423B-B0C5-A7C4FECF064C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C7DC534-FF77-414C-A1DC-945F508CC3C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEB4EF1D-D4D0-40DA-BE78-24FD48030EE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2962084-F778-4574-8105-8C5A260CCBD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF288A74-070E-4EB4-BB92-7D4D41635DD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B8B31F0-6FCC-4258-865B-B65ECBFAF252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A0CCF96-777F-4CEE-BC04-2974663CF5E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6A71919-DC70-4AE2-9D16-76A177DAE331",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "780896D3-3B49-486F-A136-D3D175C00A34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA43E47B-F474-4F5B-A91B-9AF99359FE5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7A3A453-EE50-458C-8F31-D7AA232006FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D920D39-683D-4F9F-AA85-3C4D1600DAD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7A4F1FD-2B00-4A99-AAA1-DBBFE3748D87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF6A3C0F-8778-4236-B4DC-41DBCF43EB62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D134D4D-6A95-48FE-B8E5-4F90692CB4FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "08C34E6F-8233-4575-AAE7-4DBFC27453F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D8155F8-CAB1-4EED-B576-F4102253BD25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "593D2F3B-A386-48D8-BF19-A12F1B4962A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F37C651D-8989-478B-A991-654FCDEC8B1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE170AE5-37F5-4750-ACD9-13CA691A80C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DE75B2F-A183-4ED9-A9E9-7ADF54C341FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4D7380C-5608-4F96-82E3-4B36CDCD71EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "850ADB66-21F2-49CB-B105-BDA16A286CFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1907D4D0-9D6E-476E-BD1A-88A32D3EFE38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61DD0779-786E-4714-AA73-86FB19E26028",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8E8DD97-5799-465D-8B99-F2BD6AA681AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "03E40C09-0696-45BC-9AE8-9F6F20964600",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.6:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "397E07B5-3D9D-44C7-B8B3-18D04EE84405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A1AD503-7F78-4597-AECD-6DC530AD4D3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCAD5285-E485-4F49-99CF-287545260FDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C193DF3-8D23-44A9-94DE-9F4F7358ED3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "80BA8C84-32C3-4ECF-B4C7-573B12441D22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "820EC9F1-B66C-43CE-B254-145F4AC23083",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4BDA6DC-8D53-417D-8320-CE266F8607B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B01E0D5-3F26-4A71-A22C-FAD7CBF47283",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C33D8DA-86A4-4A70-82F8-27D5DE3881EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "884D0728-8E3C-47F3-9DDD-FA976E1553EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C47C594A-D3B6-44FD-93D7-7E69212050BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "551303CA-63C5-4A3A-9280-ADB2B77C05F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.6.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "0777EB93-D11C-4837-BB7F-96DEC716E1BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.6.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "10FFAD30-56A0-40C8-AE70-70DD9904C528",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.6.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "3620DE78-AF48-44EC-B211-E0C26F4E951F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "2757B2A7-5232-4245-9CC6-91BF9E3ECA09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "740ADCB7-B296-4728-A73A-9691265B8F07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6187C92D-FEE9-4B1B-B7ED-9A1DD360B204",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "71213AF6-48CC-469F-9FBA-CAF1D3237657",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DABC1683-0E04-456E-9500-68D0D35815E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "38D71912-DCD6-44BB-8A86-72D207B49E58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "D5A8816A-84EE-44B0-AD3B-5C9BC9B3E71E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A367BFF0-397D-416F-960C-602E8B66421A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6229B76-3EB0-45D9-9667-7E94D0880AE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FCD8B47-9BF6-4F3E-AF88-0416BE31EC65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8D0ED4E-F1A7-43B7-B9D2-D6D6AA145459",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "93FE2861-A397-4439-9BB8-7B67D7F9D211",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AF08887-66BF-4B3C-81E9-F8443E7D3285",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2D243D2-0FD9-45E5-BE52-A2956F587122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "6038EF72-2CDC-42A1-A20A-B23459776E21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:4.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "66959932-AB8A-43C7-83CE-07EE576BF2F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:4.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "145D0FF7-1691-4A73-95FA-284A9EF79F65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:4.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9C9A0A8-139B-469D-ABE8-2724D65F7EAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:4.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A54C2C7-AA44-46E9-BF03-E00018084093",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:4.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "BECED922-3748-4534-9750-3A061B939A0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "85CDC579-6967-4E5C-B716-B2BC04F6DBF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "27783033-F558-427C-89A7-C3638C57F2A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E91557C7-8C53-49C4-8BC5-7F86D4AA09B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "50448355-F1D3-48AB-AED0-5FE027D7C199",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CE9B4E3-8044-4305-A517-E695D0831355",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "4BDA28D1-5B26-4FBA-B685-C230569AF024",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F61B90BF-3548-4D3A-BF70-A9DC96C11775",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD204F45-15FE-4677-BC4C-A53F322A3B15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "22FAFCDF-C615-4958-9C6D-E74EC11E9A62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D623AEB-622E-470E-898C-A447F9C4066A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:4.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9019921A-B8D2-4774-AB6B-673FC2FD2197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:4.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DC1A059-DDE4-4442-BD90-20AB3CE0E1CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:4.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4801DB4A-F828-4E95-8619-F909D5D39524",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:4.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E0D48CD-C77A-4D86-B091-2B8DF3ADA6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:4.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "956C5C97-E7A8-49F2-8AC6-9570A5948395",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:4.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "281A3D1A-1F92-454D-AE09-522114FF9D8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F119CA93-4D32-4852-90AD-A23215D6CBAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CA9A1C4-412D-4EED-8259-04F48322238B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "27847E43-22AD-468D-8E64-8D56EA8CBE50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DBB66FA-6E99-4F08-A223-6070E193B869",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:4.4:-:*:*:*:*:*:*",
              "matchCriteriaId": "4ED67179-EEEB-488A-BD1C-9AE336D16AB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:4.4:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "FF326273-99CF-40C3-B112-F5F18C94978F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:4.4:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "ECED66BE-C877-4250-AC7A-FAEAD9DAAC31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:4.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FFFD96D-D0B5-47BB-91D9-3736E343711E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:4.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D710732-6D93-4143-874F-81B19F70FBEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:4.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD56846F-40B5-4A45-99DB-44C56E3A20A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:4.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "32C22A06-5F01-4C6A-886F-E3C0776C3C5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FA8C43E-AD0C-45F7-BC20-61358C7F23EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:4.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E86608A6-8B14-4D27-A86B-1DD10E1F7825",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:4.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7F176CD-2EE5-4C7D-A376-4EA8918610C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:4.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BD5F23A-33EC-4D8A-B39D-972A048DAB0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:bugzilla:4.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1F3C39E-50A1-4005-AC0B-097A1FA6E1C2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The response function in the JSONP endpoint in WebService/Server/JSONRPC.pm in jsonrpc.cgi in Bugzilla 3.x and 4.x before 4.0.14, 4.1.x and 4.2.x before 4.2.10, 4.3.x and 4.4.x before 4.4.5, and 4.5.x before 4.5.5 accepts certain long callback values and does not restrict the initial bytes of a JSONP response, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted OBJECT element with SWF content consistent with the _bz_callback character set."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n de respuesta en el endpoint JSONP en WebService/Server/JSONRPC.pm en jsonrpc.cgi en Bugzilla 3.x y 4.x anterior a 4.0.14, 4.1.x y 4.2.x anterior a 4.2.10, 4.3.x y 4.4.x anterior a 4.4.5, y 4.5.x anterior a 4.5.5 acepta ciertos valores de devoluci\u00f3n de llamada largos y no restringe los bytes iniciales de una respuesta JSONP, lo que permite a atacantes remotos realizar ataques de CSRF, y obtener informaci\u00f3n sensible, a trav\u00e9s de un elemento OBJECT manipulado con contenido SWF consistente con el juego de acarcteres _bz_callback."
    }
  ],
  "id": "CVE-2014-1546",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-08-14T11:15:23.237",
  "references": [
    {
      "source": "security@mozilla.org",
      "url": "http://advisories.mageia.org/MGASA-2014-0349.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136217.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136369.html"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:169"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.securityfocus.com/archive/1/532895"
    },
    {
      "source": "security@mozilla.org",
      "url": "http://www.securitytracker.com/id/1030648"
    },
    {
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1036213"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://advisories.mageia.org/MGASA-2014-0349.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136217.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136369.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:169"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/532895"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1030648"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1036213"
    }
  ],
  "sourceIdentifier": "security@mozilla.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.