CVE-2010-2470

Published: Jun 28, 2010Modified: Apr 29, 2026

1.9

Vector

AV:L/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 3.4 / Impact: 2.9

Source: NVD

Description

Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 through 3.7.1, when use_suexec is enabled, uses world-readable permissions within (1) .bzr/ and (2) data/webdot/, which allows local users to obtain potentially sensitive data by reading files in these directories, a different vulnerability than CVE-2010-0180.

Affected (8)

Products: Mozilla: Bugzilla

Mozilla

1 product

Bugzilla

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Mozilla Bugzilla	Version 3.5.1
Mozilla Bugzilla	Version 3.5.2
Mozilla Bugzilla	Version 3.5.3
Mozilla Bugzilla	Version 3.6.1
Mozilla Bugzilla	Version 3.6
Mozilla Bugzilla	Version 3.6 rc1
Mozilla Bugzilla	Version 3.7.1
Mozilla Bugzilla	Version 3.7

Related CWEs

CWE-264

References (2)

https://bugzilla.mozilla.org/show_bug.cgi?id=561797

Source: cve@mitre.org

Patch

https://bugzilla.mozilla.org/show_bug.cgi?id=561797

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

Timeline

No history available yet.