Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mozilla bugzilla 3.4 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2009-3125
SQL injection vulnerability in the Bug.search WebService function in Bugzilla 3.3.2 up to and including 3.4.1, and 3.5, allows remote malicious users to execute arbitrary SQL commands via unspecified parameters.
Mozilla Bugzilla 3.5
Mozilla Bugzilla 3.3.2
Mozilla Bugzilla 3.3.3
Mozilla Bugzilla 3.4
Mozilla Bugzilla 3.3.4
Mozilla Bugzilla 3.4.1
5
CVSSv2
CVE-2009-3166
token.cgi in Bugzilla 3.4rc1 up to and including 3.4.1 places a password in a URL at the beginning of a login session that occurs immediately after a password reset, which allows context-dependent malicious users to discover passwords by reading (1) web-server access logs, (2) we...
Mozilla Bugzilla 3.4
Mozilla Bugzilla 3.4.1
5
CVSSv2
CVE-2009-3386
Template.pm in Bugzilla 3.3.2 up to and including 3.4.3 and 3.5 up to and including 3.5.1 allows remote malicious users to discover the alias of a private bug by reading the (1) Depends On or (2) Blocks field of a related bug.
Mozilla Bugzilla 3.4
Mozilla Bugzilla 3.4.2
Mozilla Bugzilla 3.3.2
Mozilla Bugzilla 3.5
Mozilla Bugzilla 3.4.1
Mozilla Bugzilla 3.4.3
Mozilla Bugzilla 3.3.3
Mozilla Bugzilla 3.3.4
Mozilla Bugzilla 3.5.1
5
CVSSv2
CVE-2009-3387
Bugzilla 3.3.1 up to and including 3.4.4, 3.5.1, and 3.5.2 does not allow group restrictions to be preserved throughout the process of moving a bug to a different product category, which allows remote malicious users to obtain sensitive information via a request for a bug in oppo...
Mozilla Bugzilla 3.4.2
Mozilla Bugzilla 3.4.4
Mozilla Bugzilla 3.3.2
Mozilla Bugzilla 3.3.3
Mozilla Bugzilla 3.3.4
Mozilla Bugzilla 3.4
Mozilla Bugzilla 3.4.1
Mozilla Bugzilla 3.3.1
Mozilla Bugzilla 3.5.1
Mozilla Bugzilla 3.5.2
7.5
CVSSv2
CVE-2009-3165
SQL injection vulnerability in the Bug.create WebService function in Bugzilla 2.23.4 up to and including 3.0.8, 3.1.1 up to and including 3.2.4, and 3.3.1 up to and including 3.4.1 allows remote malicious users to execute arbitrary SQL commands via unspecified parameters.
Mozilla Bugzilla 3.0
Mozilla Bugzilla 3.0.7
Mozilla Bugzilla 3.0.8
Mozilla Bugzilla 3.1.1
Mozilla Bugzilla 3.1.2
Mozilla Bugzilla 3.3.4
Mozilla Bugzilla 3.4
Mozilla Bugzilla 3.4.1
Mozilla Bugzilla 3.0.5
Mozilla Bugzilla 3.0.2
Mozilla Bugzilla 3.1.3
Mozilla Bugzilla 3.2
Mozilla Bugzilla 3.3.1
Mozilla Bugzilla 3.3.3
Mozilla Bugzilla 2.23.4
Mozilla Bugzilla 3.0.4
Mozilla Bugzilla 3.0.6
Mozilla Bugzilla 3.0.3
Mozilla Bugzilla 3.2.4
Mozilla Bugzilla 3.2.1
Mozilla Bugzilla 3.2.3
Mozilla Bugzilla 3.0.1
5
CVSSv2
CVE-2010-1204
Search.pm in Bugzilla 2.17.1 up to and including 3.2.6, 3.3.1 up to and including 3.4.6, 3.5.1 up to and including 3.6, and 3.7 allows remote malicious users to obtain potentially sensitive time-tracking information via a crafted search URL, related to a "boolean chart searc...
Mozilla Bugzilla 2.17.1
Mozilla Bugzilla 3.0.1
Mozilla Bugzilla 3.0.3
Mozilla Bugzilla 3.0.8
Mozilla Bugzilla 3.0.10
Mozilla Bugzilla 3.1.1
Mozilla Bugzilla 3.2.1
Mozilla Bugzilla 3.2.3
Mozilla Bugzilla 3.4
Mozilla Bugzilla 3.4.2
Mozilla Bugzilla 3.5.3
Mozilla Bugzilla 3.7
Mozilla Bugzilla 3.0.4
Mozilla Bugzilla 3.0.5
Mozilla Bugzilla 3.0.6
Mozilla Bugzilla 3.0.7
Mozilla Bugzilla 3.2.5
Mozilla Bugzilla 3.2.6
Mozilla Bugzilla 3.3.1
Mozilla Bugzilla 3.3.3
Mozilla Bugzilla 2.17.4
Mozilla Bugzilla 2.17.5
4.3
CVSSv2
CVE-2011-2381
CRLF injection vulnerability in Bugzilla 2.17.1 up to and including 2.22.7, 3.0.x up to and including 3.3.x, 3.4.x prior to 3.4.12, 3.5.x, 3.6.x prior to 3.6.6, 3.7.x, 4.0.x prior to 4.0.2, and 4.1.x prior to 4.1.3 allows remote malicious users to inject arbitrary e-mail headers ...
Mozilla Bugzilla 2.17.7
Mozilla Bugzilla 2.18.4
Mozilla Bugzilla 2.18.2
Mozilla Bugzilla 2.19.1
Mozilla Bugzilla 2.19.2
Mozilla Bugzilla 2.20
Mozilla Bugzilla 2.20.6
Mozilla Bugzilla 2.22.2
Mozilla Bugzilla 2.22.1
Mozilla Bugzilla 2.22
Mozilla Bugzilla 2.17.5
Mozilla Bugzilla 2.17.6
Mozilla Bugzilla 2.17.1
Mozilla Bugzilla 2.18
Mozilla Bugzilla 2.20.7
Mozilla Bugzilla 2.20.4
Mozilla Bugzilla 2.21.2
Mozilla Bugzilla 2.22.5
Mozilla Bugzilla 2.22.4
Mozilla Bugzilla 2.17.3
Mozilla Bugzilla 2.17.4
Mozilla Bugzilla 2.18.5
4.3
CVSSv2
CVE-2011-2976
Cross-site scripting (XSS) vulnerability in Bugzilla 2.16rc1 up to and including 2.22.7, 3.0.x up to and including 3.3.x, and 3.4.x prior to 3.4.12 allows remote malicious users to inject arbitrary web script or HTML via vectors involving a BUGLIST cookie.
Mozilla Bugzilla 2.16.10
Mozilla Bugzilla 2.16.3
Mozilla Bugzilla 2.17.7
Mozilla Bugzilla 2.17.3
Mozilla Bugzilla 2.18.5
Mozilla Bugzilla 2.18
Mozilla Bugzilla 2.18.1
Mozilla Bugzilla 2.19
Mozilla Bugzilla 2.19.1
Mozilla Bugzilla 2.20
Mozilla Bugzilla 2.20.1
Mozilla Bugzilla 2.21.2
Mozilla Bugzilla 2.22.2
Mozilla Bugzilla 2.22.7
Mozilla Bugzilla 2.16.6
Mozilla Bugzilla 2.16.11
Mozilla Bugzilla 2.16.8
Mozilla Bugzilla 2.16.9
Mozilla Bugzilla 2.17.1
Mozilla Bugzilla 2.18.4
Mozilla Bugzilla 2.18.6
Mozilla Bugzilla 2.20.2
4.3
CVSSv2
CVE-2010-4567
Bugzilla prior to 3.2.10, 3.4.x prior to 3.4.10, 3.6.x prior to 3.6.4, and 4.0.x prior to 4.0rc2 does not properly handle whitespace preceding a (1) javascript: or (2) data: URI, which allows remote malicious users to conduct cross-site scripting (XSS) attacks via the URL (aka bu...
Mozilla Bugzilla 3.2.7
Mozilla Bugzilla 3.2
Mozilla Bugzilla 3.4.7
Mozilla Bugzilla 3.4.1
Mozilla Bugzilla 2.20.7
Mozilla Bugzilla 2.22.7
Mozilla Bugzilla 2.18.5
Mozilla Bugzilla 2.20
Mozilla Bugzilla 2.21.2
Mozilla Bugzilla 2.22
Mozilla Bugzilla 2.6
Mozilla Bugzilla 2.4
Mozilla Bugzilla 2.18.6
Mozilla Bugzilla 2.16.4
Mozilla Bugzilla 2.16.7
Mozilla Bugzilla 2.14.5
Mozilla Bugzilla 2.16.1
Mozilla Bugzilla 2.18
Mozilla Bugzilla 2.18.1
Mozilla Bugzilla 3.2.4
Mozilla Bugzilla 3.4.2
Mozilla Bugzilla 3.4.3
4.3
CVSSv2
CVE-2010-4572
CRLF injection vulnerability in chart.cgi in Bugzilla prior to 3.2.10, 3.4.x prior to 3.4.10, 3.6.x prior to 3.6.4, and 4.0.x prior to 4.0rc2 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the query string, a differe...
Mozilla Bugzilla 3.2.5
Mozilla Bugzilla 3.2.1
Mozilla Bugzilla 3.2.6
Mozilla Bugzilla 3.4.8
Mozilla Bugzilla 3.6.1
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.2
Mozilla Bugzilla 2.20
Mozilla Bugzilla 2.19.2
Mozilla Bugzilla 2.19.3
Mozilla Bugzilla 2.21
Mozilla Bugzilla 2.21.1
Mozilla Bugzilla 2.23.3
Mozilla Bugzilla 2.23.2
Mozilla Bugzilla 2.16.7
Mozilla Bugzilla 2.16.6
Mozilla Bugzilla 2.16.11
Mozilla Bugzilla 2.14.2
Mozilla Bugzilla 2.18.2
Mozilla Bugzilla 2.18.3
Mozilla Bugzilla 3.2
Mozilla Bugzilla 3.2.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-35000
CVE-2024-4439
unauthorized
CVE-2024-0042
CVE-2024-31848
CVE-2023-40694
cache poisoning
CVE-2024-23707
firmware
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »