CVE-2003-0603 — Mozilla Bugzilla vulnerability

3 documents3 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 74.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Bugzilla

Timeline

PublishedAug 27

Latest updateApr 29

Description

Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier versions allows local users to overwrite arbitrary files via a symlink attack on temporary files that are created in directories with group-writable or world-writable permissions.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

▶NVDmozilla/bugzilla14 versions+13

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-3c2r-qjq2-2r45: Bugzilla 2↗2022-04-29

▶

CVEList

CVE-2003-0603: Bugzilla 2↗2003-07-29

▶