CVE-2009-1213

CVE Database · CVE-2009-1213

CVE-2009-1213

· N/AModified

CVSS v3.1

N/A

EPSS

0.69%

Published

Apr 1, 2009

Modified

Apr 22, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 3.2 before 3.2.3, 3.3 before 3.3.4, and earlier versions allows remote attackers to hijack the authentication of arbitrary users for requests that use attachment editing.

Weaknesses (CWE)

CWE-352

Affected Products (9)

mozilla · bugzillavulnerable

References (20)

http://secunia.com/advisories/34545

Vendor Advisory

http://secunia.com/advisories/34547

Vendor Advisory

http://secunia.com/advisories/34624

http://www.bugzilla.org/security/3.2.2/

PatchVendor Advisory

http://www.securityfocus.com/bid/34308

http://www.vupen.com/english/advisories/2009/0887

PatchVendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=476603

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/49524

KEV Catalog EPSS Scores Vendors All CVEs