1
Candidate: CVE-2012-0440
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0440
5
http://www.bugzilla.org/security/3.4.13/
7
Cross-site request forgery (CSRF) vulnerability in jsonrpc.cgi in Bugzilla
8
3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and
9
4.2.x before 4.2rc2 allows remote attackers to hijack the authentication of
10
arbitrary users for requests that use the JSON-RPC API.
13
tyhicks> marking it as low because I don't think the JSON-RPC API is
16
https://bugzilla.mozilla.org/show_bug.cgi?id=718319
22
upstream_bugzilla: needs-triage
23
hardy_bugzilla: ignored (reached end-of-life)
24
lucid_bugzilla: not-affected (3.2.5.1-2)
25
maverick_bugzilla: ignored (reached end-of-life)
26
natty_bugzilla: ignored (reached end-of-life)
27
oneiric_bugzilla: ignored (reached end-of-life)