cpe:/a:mozilla:bugzilla:3.2 cpe:/a:mozilla:bugzilla:3.2:rc1 cpe:/a:mozilla:bugzilla:3.2:rc2 cpe:/a:mozilla:bugzilla:3.2.1 cpe:/a:mozilla:bugzilla:3.2.2 cpe:/a:mozilla:bugzilla:3.3 cpe:/a:mozilla:bugzilla:3.3.1 cpe:/a:mozilla:bugzilla:3.3.2 cpe:/a:mozilla:bugzilla:3.3.3 CVE-2009-1213 2009-04-01T06:30:00.453-04:00 2017-08-16T21:30:14.067-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-04-01T12:20:00.000-04:00 ALLOWS_OTHER_ACCESS BID 34308 SECUNIA 34545 SECUNIA 34547 SECUNIA 34624 VUPEN ADV-2009-0887 FEDORA FEDORA-2009-3405 FEDORA FEDORA-2009-3410 XF bugzilla-attachment-csrf(49524) CONFIRM http://www.bugzilla.org/security/3.2.2/ CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=476603 Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 3.2 before 3.2.3, 3.3 before 3.3.4, and earlier versions allows remote attackers to hijack the authentication of arbitrary users for requests that use attachment editing.