CVE-2009-3386 — Sensitive Information Exposure in Mozilla Bugzilla

CWE-200 — Sensitive Information Exposure13 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

0.7%

top 29.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Bugzilla

Timeline

PublishedNov 20

Latest updateJun 18

Description

Template.pm in Bugzilla 3.3.2 through 3.4.3 and 3.5 through 3.5.1 allows remote attackers to discover the alias of a private bug by reading the (1) Depends On or (2) Blocks field of a related bug.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmozilla/bugzilla9 versions+8

Patches

Patch: www.bugzilla.org ↗Patch: www.securityfocus.com ↗Patch: www.vupen.com ↗

🔴Vulnerability Details

GHSA

GHSA-xf88-gp54-xgc2: Template↗2022-05-02

▶

CVEList

CVE-2009-3386: Template↗2009-11-20

▶

📋Vendor Advisories

Red Hat

kernel: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0↗2025-06-18

▶

Red Hat

bugzilla hidden bug alias disclosure↗2009-11-18

▶

💬Community

Bugzilla

CVE-2009-3386 bugzilla hidden bug alias disclosure↗2009-11-20

▶

Bugzilla

CVE-2009-3386 bugzilla hidden bug alias disclosure [Fdevel]↗2009-11-20

▶

Bugzilla

CVE-2009-3386 bugzilla hidden bug alias disclosure [F11]↗2009-11-20

▶

Bugzilla

CVE-2009-3386 bugzilla hidden bug alias disclosure [F12]↗2009-11-20

▶

Bugzilla

CVE-2009-3014 firefox/seamonkey: XSS via improper handling of javascript: URIs in certain HTML links↗2009-08-31

▶