CVE-2010-4568

N/A Unknown

Published: January 28, 2011 Modified: April 29, 2026

Description

Bugzilla 2.14 through 2.22.7; 3.0.x, 3.1.x, and 3.2.x before 3.2.10; 3.4.x before 3.4.10; 3.6.x before 3.6.4; and 4.0.x before 4.0rc2 does not properly generate random values for cookies and tokens, which allows remote attackers to obtain access to arbitrary accounts via unspecified vectors, related to an insufficient number of calls to the srand function.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html

Source: cve@mitre.org

http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html

Source: cve@mitre.org

http://osvdb.org/70700

Source: cve@mitre.org

http://secunia.com/advisories/43033

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/43165

Source: cve@mitre.org

http://www.bugzilla.org/security/3.2.9/

Source: cve@mitre.org

Vendor Advisory

http://www.debian.org/security/2011/dsa-2322

Source: cve@mitre.org

http://www.securityfocus.com/bid/45982

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2011/0207

Source: cve@mitre.org

Vendor Advisory

http://www.vupen.com/english/advisories/2011/0271

Source: cve@mitre.org

https://bugzilla.mozilla.org/attachment.cgi?id=506031&action=diff

Source: cve@mitre.org

https://bugzilla.mozilla.org/show_bug.cgi?id=619594

Source: cve@mitre.org

https://bugzilla.mozilla.org/show_bug.cgi?id=621591

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/65001

Source: cve@mitre.org

http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053665.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053678.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/70700

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/43033

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/43165

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.bugzilla.org/security/3.2.9/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.debian.org/security/2011/dsa-2322

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/45982

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2011/0207

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vupen.com/english/advisories/2011/0271

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.mozilla.org/attachment.cgi?id=506031&action=diff

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.mozilla.org/show_bug.cgi?id=619594

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.mozilla.org/show_bug.cgi?id=621591

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/65001

Source: af854a3a-2127-422b-91ae-364da2661108

28 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

2.5%

83th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-264

Affected Vendors

mozilla

Related CVEs

CVE-2026-40941 N/A

CVE-2026-40084 6.5

CVE-2026-40083 7.2

CVE-2026-40082 5.4

CVE-2026-40080 6.1