Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mozilla bugzilla 4.0.4 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2012-0453
Cross-site request forgery (CSRF) vulnerability in xmlrpc.cgi in Bugzilla 4.0.2 up to and including 4.0.4 and 4.1.1 up to and including 4.2rc2, when mod_perl is used, allows remote malicious users to hijack the authentication of arbitrary users for requests that modify the produc...
Mozilla Bugzilla 4.0.2
Mozilla Bugzilla 4.0.3
Mozilla Bugzilla 4.0.4
Mozilla Bugzilla 4.1.1
Mozilla Bugzilla 4.2
Mozilla Bugzilla 4.1.2
Mozilla Bugzilla 4.1.3
NA
CVE-2012-4198
The User.get method in Bugzilla/WebService/User.pm in Bugzilla 3.7.x and 4.0.x prior to 4.0.9, 4.1.x and 4.2.x prior to 4.2.4, and 4.3.x and 4.4.x prior to 4.4rc1 has a different outcome for a groups request depending on whether a group exists, which allows remote authenticated u...
Mozilla Bugzilla 3.7.2
Mozilla Bugzilla 3.7.1
Mozilla Bugzilla 3.7
Mozilla Bugzilla 3.7.3
Mozilla Bugzilla 4.0.1
Mozilla Bugzilla 4.0
Mozilla Bugzilla 4.0.2
Mozilla Bugzilla 4.0.5
Mozilla Bugzilla 4.0.7
Mozilla Bugzilla 4.0.8
Mozilla Bugzilla 4.0.3
Mozilla Bugzilla 4.0.6
Mozilla Bugzilla 4.0.4
Mozilla Bugzilla 4.1.1
Mozilla Bugzilla 4.1
Mozilla Bugzilla 4.1.2
Mozilla Bugzilla 4.1.3
Mozilla Bugzilla 4.2
Mozilla Bugzilla 4.2.1
Mozilla Bugzilla 4.2.2
Mozilla Bugzilla 4.2.3
Mozilla Bugzilla 4.3.1
NA
CVE-2012-0465
Bugzilla 3.5.x and 3.6.x prior to 3.6.9, 3.7.x and 4.0.x prior to 4.0.6, and 4.1.x and 4.2.x prior to 4.2.1, when the inbound_proxies option is enabled, does not properly validate the X-Forwarded-For HTTP header, which allows remote malicious users to bypass the lockout policy vi...
Mozilla Bugzilla 4.1.1
Mozilla Bugzilla 3.7.2
Mozilla Bugzilla 4.2
Mozilla Bugzilla 3.6.1
Mozilla Bugzilla 3.7.1
Mozilla Bugzilla 3.6.0
Mozilla Bugzilla 3.5.3
Mozilla Bugzilla 3.6.3
Mozilla Bugzilla 4.0.1
Mozilla Bugzilla 3.6.4
Mozilla Bugzilla 3.6.8
Mozilla Bugzilla 4.0.2
Mozilla Bugzilla 3.5.2
Mozilla Bugzilla 3.5.1
Mozilla Bugzilla 4.0.5
Mozilla Bugzilla 4.1.2
Mozilla Bugzilla 3.6.7
Mozilla Bugzilla 3.7.3
Mozilla Bugzilla 3.6.6
Mozilla Bugzilla 4.0.3
Mozilla Bugzilla 4.0.4
Mozilla Bugzilla 3.6.5
NA
CVE-2012-5883
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 up to and including 2.9.0, as used in Bugzilla 3.7.x and 4.0.x prior to 4.0.9, 4.1.x and 4.2.x prior to 4.2.4, and 4.3.x and 4.4.x prior to 4.4rc1, allows remote malicious users to inject ...
Mozilla Bugzilla 4.1.1
Mozilla Bugzilla 4.3.1
Mozilla Bugzilla 3.7.2
Mozilla Bugzilla 4.3.2
Mozilla Bugzilla 4.2
Mozilla Bugzilla 3.7.1
Mozilla Bugzilla 3.7
Mozilla Bugzilla 4.2.1
Mozilla Bugzilla 4.0.1
Yahoo Yui 2.9.0
Mozilla Bugzilla 4.0
Mozilla Bugzilla 4.3
Mozilla Bugzilla 4.1
Mozilla Bugzilla 4.0.2
Mozilla Bugzilla 4.3.3
Mozilla Bugzilla 4.2.2
Mozilla Bugzilla 4.0.5
Mozilla Bugzilla 4.0.7
Mozilla Bugzilla 4.1.2
Mozilla Bugzilla 4.0.8
Yahoo Yui 2.8.0
Mozilla Bugzilla 3.7.3
NA
CVE-2013-0785
Cross-site scripting (XSS) vulnerability in show_bug.cgi in Bugzilla prior to 3.6.13, 3.7.x and 4.0.x prior to 4.0.10, 4.1.x and 4.2.x prior to 4.2.5, and 4.3.x and 4.4.x prior to 4.4rc2 allows remote malicious users to inject arbitrary web script or HTML via the id parameter in ...
Mozilla Bugzilla 3.6.9
Mozilla Bugzilla 3.6.1
Mozilla Bugzilla 3.6.0
Mozilla Bugzilla 3.6.3
Mozilla Bugzilla 3.6
Mozilla Bugzilla 3.6.11
Mozilla Bugzilla 3.6.4
Mozilla Bugzilla 3.6.8
Mozilla Bugzilla 3.6.7
Mozilla Bugzilla
Mozilla Bugzilla 3.6.6
Mozilla Bugzilla 3.6.5
Mozilla Bugzilla 3.6.10
Mozilla Bugzilla 3.6.2
Mozilla Bugzilla 3.7.2
Mozilla Bugzilla 3.7.1
Mozilla Bugzilla 3.7
Mozilla Bugzilla 3.7.3
Mozilla Bugzilla 4.0.1
Mozilla Bugzilla 4.0
Mozilla Bugzilla 4.0.2
Mozilla Bugzilla 4.0.5
NA
CVE-2012-0448
Bugzilla 2.x and 3.x prior to 3.4.14, 3.5.x and 3.6.x prior to 3.6.8, 3.7.x and 4.0.x prior to 4.0.4, and 4.1.x and 4.2.x prior to 4.2rc2 does not reject non-ASCII characters in e-mail addresses of new user accounts, which makes it easier for remote authenticated users to spoof o...
Mozilla Bugzilla 3.0.4
Mozilla Bugzilla 3.0
Mozilla Bugzilla 4.1.1
Mozilla Bugzilla 3.1.3
Mozilla Bugzilla 2.0
Mozilla Bugzilla 2.18.6+
Mozilla Bugzilla 2.16.8
Mozilla Bugzilla 3.0.0
Mozilla Bugzilla 2.22.7
Mozilla Bugzilla 3.7.2
Mozilla Bugzilla 3.4.3
Mozilla Bugzilla 3.3.2
Mozilla Bugzilla 3.0.1
Mozilla Bugzilla 2.18.8
Mozilla Bugzilla 2.17.6
Mozilla Bugzilla 2.16
Mozilla Bugzilla 4.2
Mozilla Bugzilla 3.2
Mozilla Bugzilla 2.18.5
Mozilla Bugzilla 2.19.3
Mozilla Bugzilla 2.20
Mozilla Bugzilla 2.18.6
NA
CVE-2012-0440
Cross-site request forgery (CSRF) vulnerability in jsonrpc.cgi in Bugzilla 3.5.x and 3.6.x prior to 3.6.8, 3.7.x and 4.0.x prior to 4.0.4, and 4.1.x and 4.2.x prior to 4.2rc2 allows remote malicious users to hijack the authentication of arbitrary users for requests that use the J...
Mozilla Bugzilla 3.6.1
Mozilla Bugzilla 3.6.0
Mozilla Bugzilla 3.6.3
Mozilla Bugzilla 3.6
Mozilla Bugzilla 3.6.4
Mozilla Bugzilla 3.6.7
Mozilla Bugzilla 3.6.6
Mozilla Bugzilla 3.6.5
Mozilla Bugzilla 3.6.2
Mozilla Bugzilla 3.7.2
Mozilla Bugzilla 3.7.1
Mozilla Bugzilla 3.7
Mozilla Bugzilla 3.7.3
Mozilla Bugzilla 4.0.1
Mozilla Bugzilla 4.0
Mozilla Bugzilla 4.0.2
Mozilla Bugzilla 4.0.3
Mozilla Bugzilla 3.5.3
Mozilla Bugzilla 3.5.2
Mozilla Bugzilla 3.5.1
Mozilla Bugzilla 3.5
Mozilla Bugzilla 4.1.1
NA
CVE-2013-0786
The Bugzilla::Search::build_subselect function in Bugzilla 2.x and 3.x prior to 3.6.13 and 3.7.x and 4.0.x prior to 4.0.10 generates different error messages for invalid product queries depending on whether a product exists, which allows remote malicious users to discover private...
Mozilla Bugzilla 3.6.9
Mozilla Bugzilla 3.6.1
Mozilla Bugzilla 3.6.0
Mozilla Bugzilla 3.6.3
Mozilla Bugzilla 3.6
Mozilla Bugzilla 3.6.11
Mozilla Bugzilla 3.6.4
Mozilla Bugzilla 3.6.8
Mozilla Bugzilla 3.6.7
Mozilla Bugzilla
Mozilla Bugzilla 3.6.6
Mozilla Bugzilla 3.6.5
Mozilla Bugzilla 3.6.10
Mozilla Bugzilla 3.6.2
Mozilla Bugzilla 3.7.2
Mozilla Bugzilla 3.7.1
Mozilla Bugzilla 3.7
Mozilla Bugzilla 3.7.3
Mozilla Bugzilla 4.0.1
Mozilla Bugzilla 4.0
Mozilla Bugzilla 4.0.2
Mozilla Bugzilla 4.0.5
NA
CVE-2012-4199
template/en/default/bug/field-events.js.tmpl in Bugzilla 3.x prior to 3.6.12, 3.7.x and 4.0.x prior to 4.0.9, 4.1.x and 4.2.x prior to 4.2.4, and 4.3.x and 4.4.x prior to 4.4rc1 generates JavaScript function calls containing private product names or private component names in cer...
Mozilla Bugzilla 3.0.4
Mozilla Bugzilla 3.0
Mozilla Bugzilla 3.6.9
Mozilla Bugzilla 3.1.3
Mozilla Bugzilla 3.0.0
Mozilla Bugzilla 3.4.3
Mozilla Bugzilla
Mozilla Bugzilla 3.3.2
Mozilla Bugzilla 3.0.1
Mozilla Bugzilla 3.2
Mozilla Bugzilla 3.6.1
Mozilla Bugzilla 3.2.6
Mozilla Bugzilla 3.1.1
Mozilla Bugzilla 3.6.0
Mozilla Bugzilla 3.4.2
Mozilla Bugzilla 3.1.2
Mozilla Bugzilla 3.5.3
Mozilla Bugzilla 3.6.3
Mozilla Bugzilla 3.2.5
Mozilla Bugzilla 3.3.4
Mozilla Bugzilla 3.6
Mozilla Bugzilla 3.6.4
NA
CVE-2014-1546
The response function in the JSONP endpoint in WebService/Server/JSONRPC.pm in jsonrpc.cgi in Bugzilla 3.x and 4.x prior to 4.0.14, 4.1.x and 4.2.x prior to 4.2.10, 4.3.x and 4.4.x prior to 4.4.5, and 4.5.x prior to 4.5.5 accepts certain long callback values and does not restrict...
Mozilla Bugzilla 3.0.4
Mozilla Bugzilla 3.0
Mozilla Bugzilla 3.6.9
Mozilla Bugzilla 4.1.1
Mozilla Bugzilla 3.1.3
Mozilla Bugzilla 4.3.1
Mozilla Bugzilla 3.0.0
Mozilla Bugzilla 3.7.2
Mozilla Bugzilla 3.4.3
Mozilla Bugzilla 3.3.2
Mozilla Bugzilla 4.3.2
Mozilla Bugzilla 3.0.1
Mozilla Bugzilla 4.2
Mozilla Bugzilla 3.2
Mozilla Bugzilla 3.6.1
Mozilla Bugzilla 3.2.6
Mozilla Bugzilla 4.2.5
Mozilla Bugzilla 3.1.1
Mozilla Bugzilla 3.7.1
Mozilla Bugzilla 3.7
Mozilla Bugzilla 3.6.0
Mozilla Bugzilla 3.4.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »