Candidate: CVE-2014-1517
PublicDate: 2014-04-20 01:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1517
 https://bugzilla.mozilla.org/show_bug.cgi?id=713926
 http://www.bugzilla.org/security/4.0.11/
 http://git.mozilla.org/?p=bugzilla/bugzilla.git;a=commit;h=0e390970ba51b14a5dc780be7c6f0d6d7baa67e3
Description:
 The login form in Bugzilla 2.x, 3.x, 4.x before 4.4.3, and 4.5.x before
 4.5.3 does not properly handle a correctly authenticated but unintended
 login attempt, which makes it easier for remote authenticated users to
 obtain sensitive information by arranging for a victim to login to the
 attacker's account and then submit a vulnerability report, related to a
 "login CSRF" issue.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_bugzilla:
upstream_bugzilla: released (4.4.3, 4.5.3)
lucid_bugzilla: ignored (reached end-of-life)
precise_bugzilla: DNE
quantal_bugzilla: DNE
saucy_bugzilla: DNE
trusty_bugzilla: DNE
trusty/esm_bugzilla: DNE
devel_bugzilla: DNE