CVE-2009-3387

CVE Database · CVE-2009-3387

CVE-2009-3387

· N/AModified

CVSS v3.1

N/A

EPSS

1.69%

Published

Feb 3, 2010

Modified

Apr 28, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Bugzilla 3.3.1 through 3.4.4, 3.5.1, and 3.5.2 does not allow group restrictions to be preserved throughout the process of moving a bug to a different product category, which allows remote attackers to obtain sensitive information via a request for a bug in opportunistic circumstances.

Weaknesses (CWE)

CWE-264

Affected Products (10)

mozilla · bugzillavulnerable

References (12)

http://secunia.com/advisories/38443

Vendor Advisory

http://www.securityfocus.com/archive/1/509282/100/0/threaded

http://www.securityfocus.com/bid/38026

http://www.vupen.com/english/advisories/2010/0261

PatchVendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=532493

https://exchange.xforce.ibmcloud.com/vulnerabilities/56004

http://secunia.com/advisories/38443

Vendor Advisory

http://www.securityfocus.com/archive/1/509282/100/0/threaded

http://www.securityfocus.com/bid/38026

KEV Catalog EPSS Scores Vendors All CVEs