mozilla bugzilla 3.6 vulnerabilities and exploits
7.5
CVSSv3
CVE-2019-15903
In libexpat prior to 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.
Libexpat Project Libexpat
Python Python
6.1
CVSSv3
CVE-2016-2803
Cross-site scripting (XSS) vulnerability in the dependency graphs in Bugzilla 2.16rc1 up to and including 4.4.11, and 4.5.1 up to and including 5.0.2 allows remote malicious users to inject arbitrary web script or HTML.
Mozilla Bugzilla 5.0
Mozilla Bugzilla 4.5.1
Mozilla Bugzilla 4.2.5
Mozilla Bugzilla 4.2.6
Mozilla Bugzilla 4.3.3
Mozilla Bugzilla 4.4
Mozilla Bugzilla 4.4.5
Mozilla Bugzilla 4.4.6
Mozilla Bugzilla 3.1.4
Mozilla Bugzilla 3.2
Mozilla Bugzilla 3.2.4
Mozilla Bugzilla 3.2.5
Mozilla Bugzilla 3.3.3
Mozilla Bugzilla 3.3.4
Mozilla Bugzilla 3.4.13
Mozilla Bugzilla 3.4.14
Mozilla Bugzilla 3.4.8
Mozilla Bugzilla 3.4.9
Mozilla Bugzilla 3.6.1
Mozilla Bugzilla 3.6.10
Mozilla Bugzilla 3.6.5
Mozilla Bugzilla 3.6.6
4.7
CVSSv3
CVE-2015-8508
Cross-site scripting (XSS) vulnerability in showdependencygraph.cgi in Bugzilla 2.x, 3.x, and 4.x prior to 4.2.16, 4.3.x and 4.4.x prior to 4.4.11, and 4.5.x and 5.0.x prior to 5.0.2, when a local dot configuration is used, allows remote malicious users to inject arbitrary web sc...
Mozilla Bugzilla 4.4.7
Mozilla Bugzilla 4.4.6
Mozilla Bugzilla 4.2.14
Mozilla Bugzilla 4.2.13
Mozilla Bugzilla 4.2.6
Mozilla Bugzilla 4.2.5
Mozilla Bugzilla 4.0.17
Mozilla Bugzilla 4.0.16
Mozilla Bugzilla 4.0.8
Mozilla Bugzilla 4.0.7
Mozilla Bugzilla 4.0
Mozilla Bugzilla 3.6.13
Mozilla Bugzilla 3.6.6
Mozilla Bugzilla 3.6.5
Mozilla Bugzilla 3.6.4
Mozilla Bugzilla 3.4.12
Mozilla Bugzilla 3.4.11
Mozilla Bugzilla 3.4.3
Mozilla Bugzilla 3.4.2
Mozilla Bugzilla 3.2.5
Mozilla Bugzilla 3.2.4
Mozilla Bugzilla 3.0.9
3.5
CVSSv3
CVE-2015-8509
Template.pm in Bugzilla 2.x, 3.x, and 4.x prior to 4.2.16, 4.3.x and 4.4.x prior to 4.4.11, and 4.5.x and 5.0.x prior to 5.0.2 does not properly construct CSV files, which allows remote malicious users to obtain sensitive information by leveraging a web browser that interprets CS...
Mozilla Bugzilla 4.4.10
Mozilla Bugzilla 4.4.9
Mozilla Bugzilla 4.4.1
Mozilla Bugzilla 4.4
Mozilla Bugzilla 4.2.9
Mozilla Bugzilla 4.2.8
Mozilla Bugzilla 4.2.1
Mozilla Bugzilla 4.2
Mozilla Bugzilla 4.0.11
Mozilla Bugzilla 4.0.10
Mozilla Bugzilla 4.0.3
Mozilla Bugzilla 4.0.2
Mozilla Bugzilla 3.6.9
Mozilla Bugzilla 3.6.8
Mozilla Bugzilla 3.6.7
Mozilla Bugzilla 3.6
Mozilla Bugzilla 3.4.14
Mozilla Bugzilla 3.4.7
Mozilla Bugzilla 3.4.6
Mozilla Bugzilla 3.2.9
Mozilla Bugzilla 3.2.8
Mozilla Bugzilla 3.2.7
NA
CVE-2015-4499
Util.pm in Bugzilla 2.x, 3.x, and 4.x prior to 4.2.15, 4.3.x and 4.4.x prior to 4.4.10, and 5.x prior to 5.0.1 mishandles long e-mail addresses during account registration, which allows remote malicious users to obtain the default privileges for an arbitrary domain name by placin...
Mozilla Bugzilla 2.0
Mozilla Bugzilla 2.2
Mozilla Bugzilla 2.14.1
Mozilla Bugzilla 2.14.2
Mozilla Bugzilla 2.16.1
Mozilla Bugzilla 2.16.10
Mozilla Bugzilla 2.16.8
Mozilla Bugzilla 2.16.9
Mozilla Bugzilla 2.17.6
Mozilla Bugzilla 2.17.7
Mozilla Bugzilla 2.18.3
Mozilla Bugzilla 2.18.4
Mozilla Bugzilla 2.20
Mozilla Bugzilla 2.20.7
Mozilla Bugzilla 2.21
Mozilla Bugzilla 2.22.4
Mozilla Bugzilla 2.22.5
Mozilla Bugzilla 2.8
Mozilla Bugzilla 2.10
Mozilla Bugzilla 2.14.5
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.16.3
NA
CVE-2014-1571
Bugzilla 2.x up to and including 4.0.x prior to 4.0.15, 4.1.x and 4.2.x prior to 4.2.11, 4.3.x and 4.4.x prior to 4.4.6, and 4.5.x prior to 4.5.6 allows remote authenticated users to obtain sensitive private-comment information by leveraging a role as a flag recipient, related to...
Mozilla Bugzilla 4.3
Mozilla Bugzilla 4.3.1
Mozilla Bugzilla 4.3.2
Mozilla Bugzilla 4.3.3
Mozilla Bugzilla 4.2.2
Mozilla Bugzilla 4.2.3
Mozilla Bugzilla 4.2.4
Mozilla Bugzilla 4.2.5
Mozilla Bugzilla 4.2.6
Mozilla Bugzilla 4.0.10
Mozilla Bugzilla 4.0.1
Mozilla Bugzilla 4.0
Mozilla Bugzilla 3.6.13
Mozilla Bugzilla 3.6.12
Mozilla Bugzilla 3.6.11
Mozilla Bugzilla 3.6.10
Mozilla Bugzilla 3.4.4
Mozilla Bugzilla 3.4.3
Mozilla Bugzilla 3.4.2
Mozilla Bugzilla 3.4.13
Mozilla Bugzilla 3.2.8
Mozilla Bugzilla 3.2.7
NA
CVE-2014-1572
The confirm_create_account function in the account-creation feature in token.cgi in Bugzilla 2.x up to and including 4.0.x prior to 4.0.15, 4.1.x and 4.2.x prior to 4.2.11, 4.3.x and 4.4.x prior to 4.4.6, and 4.5.x prior to 4.5.6 does not specify a scalar context for the realname...
Fedoraproject Fedora 20
Fedoraproject Fedora 19
Fedoraproject Fedora 21
Mozilla Bugzilla 4.5.5
Mozilla Bugzilla 4.3
Mozilla Bugzilla 4.4.2
Mozilla Bugzilla 4.4.3
Mozilla Bugzilla 4.2.2
Mozilla Bugzilla 4.2.3
Mozilla Bugzilla 4.2.10
Mozilla Bugzilla 4.1
Mozilla Bugzilla 4.1.1
Mozilla Bugzilla 4.5.3
Mozilla Bugzilla 4.5.4
Mozilla Bugzilla 4.4
Mozilla Bugzilla 4.4.1
Mozilla Bugzilla 4.2
Mozilla Bugzilla 4.2.1
Mozilla Bugzilla 4.2.8
Mozilla Bugzilla 4.2.9
Mozilla Bugzilla 4.0.12
Mozilla Bugzilla 4.0.11
NA
CVE-2014-1573
Bugzilla 2.x up to and including 4.0.x prior to 4.0.15, 4.1.x and 4.2.x prior to 4.2.11, 4.3.x and 4.4.x prior to 4.4.6, and 4.5.x prior to 4.5.6 does not ensure that a scalar context is used for certain CGI parameters, which allows remote malicious users to conduct cross-site sc...
Fedoraproject Fedora 21
Fedoraproject Fedora 20
Fedoraproject Fedora 19
Mozilla Bugzilla 4.5.3
Mozilla Bugzilla 4.5.4
Mozilla Bugzilla 4.4
Mozilla Bugzilla 4.4.1
Mozilla Bugzilla 4.2
Mozilla Bugzilla 4.2.1
Mozilla Bugzilla 4.2.8
Mozilla Bugzilla 4.2.9
Mozilla Bugzilla 4.5
Mozilla Bugzilla 4.3.1
Mozilla Bugzilla 4.3.2
Mozilla Bugzilla 4.4.4
Mozilla Bugzilla 4.4.5
Mozilla Bugzilla 4.5.5
Mozilla Bugzilla 4.3
Mozilla Bugzilla 4.4.2
Mozilla Bugzilla 4.4.3
Mozilla Bugzilla 4.2.2
Mozilla Bugzilla 4.2.3
NA
CVE-2014-1546
The response function in the JSONP endpoint in WebService/Server/JSONRPC.pm in jsonrpc.cgi in Bugzilla 3.x and 4.x prior to 4.0.14, 4.1.x and 4.2.x prior to 4.2.10, 4.3.x and 4.4.x prior to 4.4.5, and 4.5.x prior to 4.5.5 accepts certain long callback values and does not restrict...
Mozilla Bugzilla 4.5.1
Mozilla Bugzilla 4.5.2
Mozilla Bugzilla 4.4
Mozilla Bugzilla 4.2
Mozilla Bugzilla 4.2.6
Mozilla Bugzilla 4.2.7
Mozilla Bugzilla 4.0.4
Mozilla Bugzilla 4.0.3
Mozilla Bugzilla 4.0
Mozilla Bugzilla 3.6.8
Mozilla Bugzilla 3.6.7
Mozilla Bugzilla 3.6.11
Mozilla Bugzilla 3.6.10
Mozilla Bugzilla 3.5.1
Mozilla Bugzilla 3.5
Mozilla Bugzilla 3.4.3
Mozilla Bugzilla 3.4.2
Mozilla Bugzilla 3.4.13
Mozilla Bugzilla 3.3.4
Mozilla Bugzilla 3.3.3
Mozilla Bugzilla 3.2.6
Mozilla Bugzilla 3.2.5
NA
CVE-2014-1517
The login form in Bugzilla 2.x, 3.x, 4.x prior to 4.4.3, and 4.5.x prior to 4.5.3 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to log...
Mozilla Bugzilla 3.0.4
Mozilla Bugzilla 3.0
Mozilla Bugzilla 3.6.9
Mozilla Bugzilla 4.1.1
Mozilla Bugzilla 3.1.3
Mozilla Bugzilla 2.0
Mozilla Bugzilla 2.18.6+
Mozilla Bugzilla 2.16.8
Mozilla Bugzilla 4.3.1
Mozilla Bugzilla 3.0.0
Mozilla Bugzilla 2.22.7
Mozilla Bugzilla 3.7.2
Mozilla Bugzilla 3.4.3
Mozilla Bugzilla 3.3.2
Mozilla Bugzilla 4.3.2
Mozilla Bugzilla 3.0.1
Mozilla Bugzilla 2.18.8
Mozilla Bugzilla 2.17.6
Mozilla Bugzilla 2.16
Mozilla Bugzilla 4.2
Mozilla Bugzilla 3.2
Mozilla Bugzilla 2.18.5