CVE-2009-0486

CVE Database · CVE-2009-0486

CVE-2009-0486

· N/AModified

CVSS v3.1

N/A

EPSS

0.57%

Published

Feb 9, 2009

Modified

Apr 22, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.

Weaknesses (CWE)

CWE-352

Affected Products (3)

mozilla · bugzillavulnerable

References (10)

http://secunia.com/advisories/34361

http://www.bugzilla.org/security/3.0.7/

Vendor Advisory

http://www.securityfocus.com/bid/33581

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00664.html

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00687.html