Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mozilla bugzilla 3.3.1 vulnerabilities and exploits
(subscribe to this query)
5.9
CVSSv3
CVE-2018-12384
When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact T...
Mozilla Network Security Services
1 Github repository
6.1
CVSSv3
CVE-2016-2803
Cross-site scripting (XSS) vulnerability in the dependency graphs in Bugzilla 2.16rc1 up to and including 4.4.11, and 4.5.1 up to and including 5.0.2 allows remote malicious users to inject arbitrary web script or HTML.
Mozilla Bugzilla 5.0
Mozilla Bugzilla 4.5.1
Mozilla Bugzilla 4.2.5
Mozilla Bugzilla 4.2.6
Mozilla Bugzilla 4.3.3
Mozilla Bugzilla 4.4
Mozilla Bugzilla 4.4.5
Mozilla Bugzilla 4.4.6
Mozilla Bugzilla 3.1.4
Mozilla Bugzilla 3.2
Mozilla Bugzilla 3.2.4
Mozilla Bugzilla 3.2.5
Mozilla Bugzilla 3.3.3
Mozilla Bugzilla 3.3.4
Mozilla Bugzilla 3.4.13
Mozilla Bugzilla 3.4.14
Mozilla Bugzilla 3.4.8
Mozilla Bugzilla 3.4.9
Mozilla Bugzilla 3.6.1
Mozilla Bugzilla 3.6.10
Mozilla Bugzilla 3.6.5
Mozilla Bugzilla 3.6.6
NA
CVE-2015-4499
Util.pm in Bugzilla 2.x, 3.x, and 4.x prior to 4.2.15, 4.3.x and 4.4.x prior to 4.4.10, and 5.x prior to 5.0.1 mishandles long e-mail addresses during account registration, which allows remote malicious users to obtain the default privileges for an arbitrary domain name by placin...
Mozilla Bugzilla 2.0
Mozilla Bugzilla 2.2
Mozilla Bugzilla 2.14.1
Mozilla Bugzilla 2.14.2
Mozilla Bugzilla 2.16.1
Mozilla Bugzilla 2.16.10
Mozilla Bugzilla 2.16.8
Mozilla Bugzilla 2.16.9
Mozilla Bugzilla 2.17.6
Mozilla Bugzilla 2.17.7
Mozilla Bugzilla 2.18.3
Mozilla Bugzilla 2.18.4
Mozilla Bugzilla 2.20
Mozilla Bugzilla 2.20.7
Mozilla Bugzilla 2.21
Mozilla Bugzilla 2.22.4
Mozilla Bugzilla 2.22.5
Mozilla Bugzilla 2.8
Mozilla Bugzilla 2.10
Mozilla Bugzilla 2.14.5
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.16.3
NA
CVE-2014-1571
Bugzilla 2.x up to and including 4.0.x prior to 4.0.15, 4.1.x and 4.2.x prior to 4.2.11, 4.3.x and 4.4.x prior to 4.4.6, and 4.5.x prior to 4.5.6 allows remote authenticated users to obtain sensitive private-comment information by leveraging a role as a flag recipient, related to...
Mozilla Bugzilla 4.3
Mozilla Bugzilla 4.3.1
Mozilla Bugzilla 4.3.2
Mozilla Bugzilla 4.3.3
Mozilla Bugzilla 4.2.2
Mozilla Bugzilla 4.2.3
Mozilla Bugzilla 4.2.4
Mozilla Bugzilla 4.2.5
Mozilla Bugzilla 4.2.6
Mozilla Bugzilla 4.0.10
Mozilla Bugzilla 4.0.1
Mozilla Bugzilla 4.0
Mozilla Bugzilla 3.6.13
Mozilla Bugzilla 3.6.12
Mozilla Bugzilla 3.6.11
Mozilla Bugzilla 3.6.10
Mozilla Bugzilla 3.4.4
Mozilla Bugzilla 3.4.3
Mozilla Bugzilla 3.4.2
Mozilla Bugzilla 3.4.13
Mozilla Bugzilla 3.2.8
Mozilla Bugzilla 3.2.7
NA
CVE-2014-1572
The confirm_create_account function in the account-creation feature in token.cgi in Bugzilla 2.x up to and including 4.0.x prior to 4.0.15, 4.1.x and 4.2.x prior to 4.2.11, 4.3.x and 4.4.x prior to 4.4.6, and 4.5.x prior to 4.5.6 does not specify a scalar context for the realname...
Fedoraproject Fedora 20
Fedoraproject Fedora 19
Fedoraproject Fedora 21
Mozilla Bugzilla 4.5.5
Mozilla Bugzilla 4.3
Mozilla Bugzilla 4.4.2
Mozilla Bugzilla 4.4.3
Mozilla Bugzilla 4.2.2
Mozilla Bugzilla 4.2.3
Mozilla Bugzilla 4.2.10
Mozilla Bugzilla 4.1
Mozilla Bugzilla 4.1.1
Mozilla Bugzilla 4.5.3
Mozilla Bugzilla 4.5.4
Mozilla Bugzilla 4.4
Mozilla Bugzilla 4.4.1
Mozilla Bugzilla 4.2
Mozilla Bugzilla 4.2.1
Mozilla Bugzilla 4.2.8
Mozilla Bugzilla 4.2.9
Mozilla Bugzilla 4.0.12
Mozilla Bugzilla 4.0.11
NA
CVE-2014-1573
Bugzilla 2.x up to and including 4.0.x prior to 4.0.15, 4.1.x and 4.2.x prior to 4.2.11, 4.3.x and 4.4.x prior to 4.4.6, and 4.5.x prior to 4.5.6 does not ensure that a scalar context is used for certain CGI parameters, which allows remote malicious users to conduct cross-site sc...
Fedoraproject Fedora 21
Fedoraproject Fedora 20
Fedoraproject Fedora 19
Mozilla Bugzilla 4.5.3
Mozilla Bugzilla 4.5.4
Mozilla Bugzilla 4.4
Mozilla Bugzilla 4.4.1
Mozilla Bugzilla 4.2
Mozilla Bugzilla 4.2.1
Mozilla Bugzilla 4.2.8
Mozilla Bugzilla 4.2.9
Mozilla Bugzilla 4.5
Mozilla Bugzilla 4.3.1
Mozilla Bugzilla 4.3.2
Mozilla Bugzilla 4.4.4
Mozilla Bugzilla 4.4.5
Mozilla Bugzilla 4.5.5
Mozilla Bugzilla 4.3
Mozilla Bugzilla 4.4.2
Mozilla Bugzilla 4.4.3
Mozilla Bugzilla 4.2.2
Mozilla Bugzilla 4.2.3
NA
CVE-2014-1546
The response function in the JSONP endpoint in WebService/Server/JSONRPC.pm in jsonrpc.cgi in Bugzilla 3.x and 4.x prior to 4.0.14, 4.1.x and 4.2.x prior to 4.2.10, 4.3.x and 4.4.x prior to 4.4.5, and 4.5.x prior to 4.5.5 accepts certain long callback values and does not restrict...
Mozilla Bugzilla 4.5.1
Mozilla Bugzilla 4.5.2
Mozilla Bugzilla 4.4
Mozilla Bugzilla 4.2
Mozilla Bugzilla 4.2.6
Mozilla Bugzilla 4.2.7
Mozilla Bugzilla 4.0.4
Mozilla Bugzilla 4.0.3
Mozilla Bugzilla 4.0
Mozilla Bugzilla 3.6.8
Mozilla Bugzilla 3.6.7
Mozilla Bugzilla 3.6.11
Mozilla Bugzilla 3.6.10
Mozilla Bugzilla 3.5.1
Mozilla Bugzilla 3.5
Mozilla Bugzilla 3.4.3
Mozilla Bugzilla 3.4.2
Mozilla Bugzilla 3.4.13
Mozilla Bugzilla 3.3.4
Mozilla Bugzilla 3.3.3
Mozilla Bugzilla 3.2.6
Mozilla Bugzilla 3.2.5
NA
CVE-2014-1517
The login form in Bugzilla 2.x, 3.x, 4.x prior to 4.4.3, and 4.5.x prior to 4.5.3 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to log...
Mozilla Bugzilla 3.0.4
Mozilla Bugzilla 3.0
Mozilla Bugzilla 3.6.9
Mozilla Bugzilla 4.1.1
Mozilla Bugzilla 3.1.3
Mozilla Bugzilla 2.0
Mozilla Bugzilla 2.18.6\\+
Mozilla Bugzilla 2.16.8
Mozilla Bugzilla 4.3.1
Mozilla Bugzilla 3.0.0
Mozilla Bugzilla 2.22.7
Mozilla Bugzilla 3.7.2
Mozilla Bugzilla 3.4.3
Mozilla Bugzilla 3.3.2
Mozilla Bugzilla 4.3.2
Mozilla Bugzilla 3.0.1
Mozilla Bugzilla 2.18.8
Mozilla Bugzilla 2.17.6
Mozilla Bugzilla 2.16
Mozilla Bugzilla 4.2
Mozilla Bugzilla 3.2
Mozilla Bugzilla 2.18.5
NA
CVE-2013-1742
Multiple cross-site scripting (XSS) vulnerabilities in editflagtypes.cgi in Bugzilla 2.x, 3.x, and 4.0.x prior to 4.0.11; 4.1.x and 4.2.x prior to 4.2.7; and 4.3.x and 4.4.x prior to 4.4.1 allow remote malicious users to inject arbitrary web script or HTML via the (1) id or (2) s...
Mozilla Bugzilla 4.1
Mozilla Bugzilla 4.1.1
Mozilla Bugzilla 4.1.2
Mozilla Bugzilla 4.1.3
Mozilla Bugzilla 4.3.1
Mozilla Bugzilla 4.3.3
Mozilla Bugzilla 4.3
Mozilla Bugzilla 4.3.2
Mozilla Bugzilla 2.14.4
Mozilla Bugzilla 2.14.5
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.17
Mozilla Bugzilla 2.14
Mozilla Bugzilla 2.14.2
Mozilla Bugzilla 2.16.1
Mozilla Bugzilla 2.16.11
Mozilla Bugzilla 2.16.6
Mozilla Bugzilla 2.16.8
Mozilla Bugzilla 2.17.5
Mozilla Bugzilla 2.17.7
Mozilla Bugzilla 2.18.3
Mozilla Bugzilla 2.18.5
1 EDB exploit
NA
CVE-2013-1734
Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.0.x prior to 4.0.11; 4.1.x and 4.2.x prior to 4.2.7; and 4.3.x and 4.4.x prior to 4.4.1 allows remote malicious users to hijack the authentication of arbitrary users for requests that co...
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.16.1
Mozilla Bugzilla 2.16.10
Mozilla Bugzilla 2.16.11
Mozilla Bugzilla 2.17.4
Mozilla Bugzilla 2.17.5
Mozilla Bugzilla 2.17.6
Mozilla Bugzilla 2.17.7
Mozilla Bugzilla 2.12
Mozilla Bugzilla 2.14
Mozilla Bugzilla 2.14.1
Mozilla Bugzilla 2.14.2
Mozilla Bugzilla 2.16.6
Mozilla Bugzilla 2.16.7
Mozilla Bugzilla 2.16.8
Mozilla Bugzilla 2.16.9
Mozilla Bugzilla 2.18.2
Mozilla Bugzilla 2.18.3
Mozilla Bugzilla 2.18.4
Mozilla Bugzilla 2.18.5
Mozilla Bugzilla 2.20
Mozilla Bugzilla 2.20.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »