CVE-2012-0448Improper Input Validation in Mozilla Bugzilla

CWE-20Improper Input Validation6 documents4 sources
Severity
4.0MEDIUMNVD
EPSS
0.4%
top 41.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Bugzilla
Timeline
PublishedFeb 2
Latest updateMay 4

Description

Bugzilla 2.x and 3.x before 3.4.14, 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 does not reject non-ASCII characters in e-mail addresses of new user accounts, which makes it easier for remote authenticated users to spoof other user accounts by choosing a similar e-mail address.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

NVDmozilla/bugzilla147 versions+146

Patches

Patch: bugzilla.mozilla.orgPatch: bugzilla.mozilla.org

🔴Vulnerability Details

2
GHSA
GHSA-3pww-q2mq-vwqc: Bugzilla 22022-05-04
CVEList
CVE-2012-0448: Bugzilla 22012-02-02

💬Community

3
Bugzilla
CVE-2012-0440 CVE-2012-0448 bugzila: two flaws fixed in 4.2rc2, 4.0.4, 3.6.8, and 3.4.14 [epel-all]2012-02-01
Bugzilla
CVE-2012-0440 CVE-2012-0448 bugzila: two flaws fixed in 4.2rc2, 4.0.4, 3.6.8, and 3.4.142012-02-01
Bugzilla
CVE-2012-0440 CVE-2012-0448 bugzila: two flaws fixed in 4.2rc2, 4.0.4, 3.6.8, and 3.4.14 [fedora-all]2012-02-01
CVE-2012-0448 — Improper Input Validation in Mozilla | cvebase