CVE-2009-3387

Published: Feb 3, 2010Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Bugzilla 3.3.1 through 3.4.4, 3.5.1, and 3.5.2 does not allow group restrictions to be preserved throughout the process of moving a bug to a different product category, which allows remote attackers to obtain sensitive information via a request for a bug in opportunistic circumstances.

Affected (10)

Products: Mozilla: Bugzilla

1 product

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Mozilla Bugzilla	Version 3.3.1
Mozilla Bugzilla	Version 3.3.2
Mozilla Bugzilla	Version 3.3.3
Mozilla Bugzilla	Version 3.3.4
Mozilla Bugzilla	Version 3.4.1
Mozilla Bugzilla	Version 3.4.2
Mozilla Bugzilla	Version 3.4.4
Mozilla Bugzilla	Version 3.4
Mozilla Bugzilla	Version 3.5.1
Mozilla Bugzilla	Version 3.5.2

Related CWEs

References (12)

http://secunia.com/advisories/38443

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/archive/1/509282/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/38026

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2010/0261

Source: cve@mitre.org

PatchVendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=532493

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/56004

Source: cve@mitre.org

http://secunia.com/advisories/38443

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/archive/1/509282/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/38026

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2010/0261

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=532493

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/56004

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.