Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mozilla bugzilla 4.4 vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2018-5123
A third party website can access information available to a user with access to a restricted bug entry using the image generation in report.cgi in all Bugzilla versions before 4.4.
Mozilla Bugzilla
6.1
CVSSv3
CVE-2016-2803
Cross-site scripting (XSS) vulnerability in the dependency graphs in Bugzilla 2.16rc1 up to and including 4.4.11, and 4.5.1 up to and including 5.0.2 allows remote malicious users to inject arbitrary web script or HTML.
Mozilla Bugzilla 3.0.4
Mozilla Bugzilla 3.0
Mozilla Bugzilla 3.6.9
Mozilla Bugzilla 4.1.1
Mozilla Bugzilla 3.1.3
Mozilla Bugzilla 2.18.6+
Mozilla Bugzilla 2.16.8
Mozilla Bugzilla 4.3.1
Mozilla Bugzilla 3.0.0
Mozilla Bugzilla 2.22.7
Mozilla Bugzilla 4.4.11
Mozilla Bugzilla 3.7.2
Mozilla Bugzilla 3.4.3
Mozilla Bugzilla 2.16 Rc2
Mozilla Bugzilla 4.4.7
Mozilla Bugzilla 5.0
Mozilla Bugzilla 4.4.8
Mozilla Bugzilla 3.3.2
Mozilla Bugzilla 4.3.2
Mozilla Bugzilla 3.0.1
Mozilla Bugzilla 2.18.8
Mozilla Bugzilla 2.17.6
4.7
CVSSv3
CVE-2015-8508
Cross-site scripting (XSS) vulnerability in showdependencygraph.cgi in Bugzilla 2.x, 3.x, and 4.x prior to 4.2.16, 4.3.x and 4.4.x prior to 4.4.11, and 4.5.x and 5.0.x prior to 5.0.2, when a local dot configuration is used, allows remote malicious users to inject arbitrary web sc...
Mozilla Bugzilla 3.0.4
Mozilla Bugzilla 3.6.9
Mozilla Bugzilla 2.0
Mozilla Bugzilla 2.16.8
Mozilla Bugzilla 2.22.7
Mozilla Bugzilla 3.4.3
Mozilla Bugzilla 4.4.7
Mozilla Bugzilla 4.4.8
Mozilla Bugzilla 3.0.1
Mozilla Bugzilla 2.18.5
Mozilla Bugzilla 2.18.6
Mozilla Bugzilla 2.16.1
Mozilla Bugzilla 2.20
Mozilla Bugzilla 3.6.1
Mozilla Bugzilla 3.2.6
Mozilla Bugzilla 4.2.5
Mozilla Bugzilla 3.4.14
Mozilla Bugzilla 3.4.2
Mozilla Bugzilla 2.16.2
Mozilla Bugzilla 2.16.11
Mozilla Bugzilla 3.6.3
Mozilla Bugzilla 3.2.5
3.5
CVSSv3
CVE-2015-8509
Template.pm in Bugzilla 2.x, 3.x, and 4.x prior to 4.2.16, 4.3.x and 4.4.x prior to 4.4.11, and 4.5.x and 5.0.x prior to 5.0.2 does not properly construct CSV files, which allows remote malicious users to obtain sensitive information by leveraging a web browser that interprets CS...
Mozilla Bugzilla 3.0.4
Mozilla Bugzilla 3.6.9
Mozilla Bugzilla 2.0
Mozilla Bugzilla 2.16.8
Mozilla Bugzilla 2.22.7
Mozilla Bugzilla 3.4.3
Mozilla Bugzilla 4.4.7
Mozilla Bugzilla 4.4.8
Mozilla Bugzilla 3.0.1
Mozilla Bugzilla 2.18.5
Mozilla Bugzilla 2.18.6
Mozilla Bugzilla 2.16.1
Mozilla Bugzilla 2.20
Mozilla Bugzilla 3.6.1
Mozilla Bugzilla 3.2.6
Mozilla Bugzilla 4.2.5
Mozilla Bugzilla 3.4.14
Mozilla Bugzilla 3.4.2
Mozilla Bugzilla 2.16.2
Mozilla Bugzilla 2.16.11
Mozilla Bugzilla 3.6.3
Mozilla Bugzilla 3.2.5
NA
CVE-2015-4499
Util.pm in Bugzilla 2.x, 3.x, and 4.x prior to 4.2.15, 4.3.x and 4.4.x prior to 4.4.10, and 5.x prior to 5.0.1 mishandles long e-mail addresses during account registration, which allows remote malicious users to obtain the default privileges for an arbitrary domain name by placin...
Mozilla Bugzilla 3.0.4
Mozilla Bugzilla 3.0
Mozilla Bugzilla 3.6.9
Mozilla Bugzilla 4.1.1
Mozilla Bugzilla 3.1.3
Mozilla Bugzilla 2.0
Mozilla Bugzilla 2.16.8
Mozilla Bugzilla 4.3.1
Mozilla Bugzilla 3.0.0
Mozilla Bugzilla 2.22.7
Mozilla Bugzilla 3.7.2
Mozilla Bugzilla 3.4.3
Mozilla Bugzilla 4.4.7
Mozilla Bugzilla 4.4.8
Mozilla Bugzilla 3.3.2
Mozilla Bugzilla 4.3.2
Mozilla Bugzilla 3.0.1
Mozilla Bugzilla 2.17.6
Mozilla Bugzilla 2.16
Mozilla Bugzilla 4.2
Mozilla Bugzilla 3.2
Mozilla Bugzilla 2.18.5
NA
CVE-2014-8630
Bugzilla prior to 4.0.16, 4.1.x and 4.2.x prior to 4.2.12, 4.3.x and 4.4.x prior to 4.4.7, and 5.x prior to 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the editcomponents privilege and triggering crafted input to a two-argument Perl open c...
Mozilla Bugzilla 4.1.1
Mozilla Bugzilla 4.3.1
Mozilla Bugzilla 4.3.2
Mozilla Bugzilla 4.2
Mozilla Bugzilla 4.2.5
Mozilla Bugzilla 4.2.1
Mozilla Bugzilla 4.2.8
Mozilla Bugzilla 4.4
Mozilla Bugzilla 4.3
Mozilla Bugzilla 4.2.9
Mozilla Bugzilla 4.4.1
Mozilla Bugzilla 4.4.6
Mozilla Bugzilla 4.1
Mozilla Bugzilla 4.2.4
Mozilla Bugzilla 4.4.5
Mozilla Bugzilla 4.2.11
Mozilla Bugzilla 4.5
Mozilla Bugzilla 4.2.7
Mozilla Bugzilla 4.5.6
Mozilla Bugzilla
Mozilla Bugzilla 4.5.3
Mozilla Bugzilla 4.2.10
NA
CVE-2014-1571
Bugzilla 2.x up to and including 4.0.x prior to 4.0.15, 4.1.x and 4.2.x prior to 4.2.11, 4.3.x and 4.4.x prior to 4.4.6, and 4.5.x prior to 4.5.6 allows remote authenticated users to obtain sensitive private-comment information by leveraging a role as a flag recipient, related to...
Mozilla Bugzilla 3.0.4
Mozilla Bugzilla 3.0
Mozilla Bugzilla 3.6.9
Mozilla Bugzilla 4.1.1
Mozilla Bugzilla 3.1.3
Mozilla Bugzilla 2.0
Mozilla Bugzilla 2.18.6+
Mozilla Bugzilla 2.16.8
Mozilla Bugzilla 4.3.1
Mozilla Bugzilla 3.0.0
Mozilla Bugzilla 2.22.7
Mozilla Bugzilla 3.7.2
Mozilla Bugzilla 3.4.3
Mozilla Bugzilla 2.16 Rc2
Mozilla Bugzilla 3.3.2
Mozilla Bugzilla 4.3.2
Mozilla Bugzilla 3.0.1
Mozilla Bugzilla 2.18.8
Mozilla Bugzilla 2.17.6
Mozilla Bugzilla 2.16
Mozilla Bugzilla 4.2
Mozilla Bugzilla 3.2
NA
CVE-2014-1572
The confirm_create_account function in the account-creation feature in token.cgi in Bugzilla 2.x up to and including 4.0.x prior to 4.0.15, 4.1.x and 4.2.x prior to 4.2.11, 4.3.x and 4.4.x prior to 4.4.6, and 4.5.x prior to 4.5.6 does not specify a scalar context for the realname...
Fedoraproject Fedora 20
Fedoraproject Fedora 21
Fedoraproject Fedora 19
Mozilla Bugzilla 3.0.4
Mozilla Bugzilla 3.0
Mozilla Bugzilla 3.6.9
Mozilla Bugzilla 4.1.1
Mozilla Bugzilla 3.1.3
Mozilla Bugzilla 2.0
Mozilla Bugzilla 2.18.6+
Mozilla Bugzilla 2.16.8
Mozilla Bugzilla 4.3.1
Mozilla Bugzilla 3.0.0
Mozilla Bugzilla 2.22.7
Mozilla Bugzilla 3.7.2
Mozilla Bugzilla 3.4.3
Mozilla Bugzilla 2.16 Rc2
Mozilla Bugzilla 3.3.2
Mozilla Bugzilla 4.3.2
Mozilla Bugzilla 3.0.1
Mozilla Bugzilla 2.18.8
Mozilla Bugzilla 2.17.6
NA
CVE-2014-1573
Bugzilla 2.x up to and including 4.0.x prior to 4.0.15, 4.1.x and 4.2.x prior to 4.2.11, 4.3.x and 4.4.x prior to 4.4.6, and 4.5.x prior to 4.5.6 does not ensure that a scalar context is used for certain CGI parameters, which allows remote malicious users to conduct cross-site sc...
Fedoraproject Fedora 20
Fedoraproject Fedora 21
Fedoraproject Fedora 19
Mozilla Bugzilla 3.0.4
Mozilla Bugzilla 3.0
Mozilla Bugzilla 3.6.9
Mozilla Bugzilla 4.1.1
Mozilla Bugzilla 3.1.3
Mozilla Bugzilla 2.0
Mozilla Bugzilla 2.18.6+
Mozilla Bugzilla 2.16.8
Mozilla Bugzilla 4.3.1
Mozilla Bugzilla 3.0.0
Mozilla Bugzilla 2.22.7
Mozilla Bugzilla 3.7.2
Mozilla Bugzilla 3.4.3
Mozilla Bugzilla 2.16 Rc2
Mozilla Bugzilla 3.3.2
Mozilla Bugzilla 4.3.2
Mozilla Bugzilla 3.0.1
Mozilla Bugzilla 2.18.8
Mozilla Bugzilla 2.17.6
NA
CVE-2014-1546
The response function in the JSONP endpoint in WebService/Server/JSONRPC.pm in jsonrpc.cgi in Bugzilla 3.x and 4.x prior to 4.0.14, 4.1.x and 4.2.x prior to 4.2.10, 4.3.x and 4.4.x prior to 4.4.5, and 4.5.x prior to 4.5.5 accepts certain long callback values and does not restrict...
Mozilla Bugzilla 3.0.4
Mozilla Bugzilla 3.0
Mozilla Bugzilla 3.6.9
Mozilla Bugzilla 4.1.1
Mozilla Bugzilla 3.1.3
Mozilla Bugzilla 4.3.1
Mozilla Bugzilla 3.0.0
Mozilla Bugzilla 3.7.2
Mozilla Bugzilla 3.4.3
Mozilla Bugzilla 3.3.2
Mozilla Bugzilla 4.3.2
Mozilla Bugzilla 3.0.1
Mozilla Bugzilla 4.2
Mozilla Bugzilla 3.2
Mozilla Bugzilla 3.6.1
Mozilla Bugzilla 3.2.6
Mozilla Bugzilla 4.2.5
Mozilla Bugzilla 3.1.1
Mozilla Bugzilla 3.7.1
Mozilla Bugzilla 3.7
Mozilla Bugzilla 3.6.0
Mozilla Bugzilla 3.4.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »