VYPR
Unrated severity · NVD Advisory · Published Sep 15, 2009 · Updated Jun 16, 2026

CVE-2009-3166

Description

token.cgi in Bugzilla 3.4rc1 through 3.4.1 places a password in a URL at the beginning of a login session that occurs immediately after a password reset, which allows context-dependent attackers to discover passwords by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.

Affected products

4
  • cpe:2.3:a:mozilla:bugzilla:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:bugzilla:3.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:bugzilla:3.4:rc1:*:*:*:*:*:*
  • Range: >=3.4rc1, <=3.4.1

References

5
