CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
68.7%
Bugzilla 2.x and 3.x before 3.4.14, 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 does not reject non-ASCII characters in e-mail addresses of new user accounts, which makes it easier for remote authenticated users to spoof other user accounts by choosing a similar e-mail address.
Vendor | Product | Version | CPE |
---|---|---|---|
mozilla | bugzilla | 2.0 | cpe:2.3:a:mozilla:bugzilla:2.0:*:*:*:*:*:*:* |
mozilla | bugzilla | 2.2 | cpe:2.3:a:mozilla:bugzilla:2.2:*:*:*:*:*:*:* |
mozilla | bugzilla | 2.4 | cpe:2.3:a:mozilla:bugzilla:2.4:*:*:*:*:*:*:* |
mozilla | bugzilla | 2.6 | cpe:2.3:a:mozilla:bugzilla:2.6:*:*:*:*:*:*:* |
mozilla | bugzilla | 2.8 | cpe:2.3:a:mozilla:bugzilla:2.8:*:*:*:*:*:*:* |
mozilla | bugzilla | 2.9 | cpe:2.3:a:mozilla:bugzilla:2.9:*:*:*:*:*:*:* |
mozilla | bugzilla | 2.10 | cpe:2.3:a:mozilla:bugzilla:2.10:*:*:*:*:*:*:* |
mozilla | bugzilla | 2.12 | cpe:2.3:a:mozilla:bugzilla:2.12:*:*:*:*:*:*:* |
mozilla | bugzilla | 2.14 | cpe:2.3:a:mozilla:bugzilla:2.14:*:*:*:*:*:*:* |
mozilla | bugzilla | 2.14.1 | cpe:2.3:a:mozilla:bugzilla:2.14.1:*:*:*:*:*:*:* |