Vulmon
mozilla bugzilla vulnerabilities and exploits
2.1
CVSSv2
CVE-2003-0012
The data collection script for Bugzilla 2.14.x prior to 2.14.5, 2.16.x prior to 2.16.2, and 2.17.x prior to 2.17.3 sets world-writable permissions for the data/mining directory when it runs, which allows local users to modify or delete the data.
Mozilla Bugzilla 2.16.1
Mozilla Bugzilla 2.17.1
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.14.2
Mozilla Bugzilla 2.14.3
Mozilla Bugzilla 2.14.4
Mozilla Bugzilla 2.17
Mozilla Bugzilla 2.14.1
Mozilla Bugzilla 2.14
7.5
CVSSv2
CVE-2003-0013
The default .htaccess scripts for Bugzilla 2.14.x prior to 2.14.5, 2.16.x prior to 2.16.2, and 2.17.x prior to 2.17.3 do not include filenames for backup copies of the localconfig file that are made from editors such as vi and Emacs, which could allow remote malicious users to ob...
Mozilla Bugzilla 2.16.1
Mozilla Bugzilla 2.17.1
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.14.2
Mozilla Bugzilla 2.14.3
Mozilla Bugzilla 2.14.4
Mozilla Bugzilla 2.17
Mozilla Bugzilla 2.14.1
Mozilla Bugzilla 2.14
4.3
CVSSv2
CVE-2012-1968
Bugzilla 4.1.x and 4.2.x prior to 4.2.2 and 4.3.x prior to 4.3.2 uses bug-editor privileges instead of bugmail-recipient privileges during construction of HTML bugmail documents, which allows remote malicious users to obtain sensitive description information by reading the toolti...
Mozilla Bugzilla 4.1.1
Mozilla Bugzilla 4.3.1
Mozilla Bugzilla 4.2
Mozilla Bugzilla 4.2.1
Mozilla Bugzilla 4.3
Mozilla Bugzilla 4.1
Mozilla Bugzilla 4.1.2
Mozilla Bugzilla 4.1.3
1.9
CVSSv2
CVE-2010-2470
Install/Filesystem.pm in Bugzilla 3.5.1 up to and including 3.6.1 and 3.7 up to and including 3.7.1, when use_suexec is enabled, uses world-readable permissions within (1) .bzr/ and (2) data/webdot/, which allows local users to obtain potentially sensitive data by reading files i...
Mozilla Bugzilla 3.6.1
Mozilla Bugzilla 3.7.1
Mozilla Bugzilla 3.7
Mozilla Bugzilla 3.5.3
Mozilla Bugzilla 3.6
Mozilla Bugzilla 3.5.2
Mozilla Bugzilla 3.5.1
5
CVSSv2
CVE-2007-4539
The WebService (XML-RPC) interface in Bugzilla 2.23.3 up to and including 3.0.0 does not enforce permissions for the time-tracking fields of bugs, which allows remote malicious users to obtain sensitive information via certain XML-RPC requests, as demonstrated by the (1) Deadline...
Mozilla Bugzilla 3.0.0
Mozilla Bugzilla 2.23.4
Mozilla Bugzilla 2.23.3
Mozilla Bugzilla 2.6
Mozilla Bugzilla 2.4
Mozilla Bugzilla 2.8
Mozilla Bugzilla 2.9
5.1
CVSSv2
CVE-2012-0453
Cross-site request forgery (CSRF) vulnerability in xmlrpc.cgi in Bugzilla 4.0.2 up to and including 4.0.4 and 4.1.1 up to and including 4.2rc2, when mod_perl is used, allows remote malicious users to hijack the authentication of arbitrary users for requests that modify the produc...
Mozilla Bugzilla 4.0.2
Mozilla Bugzilla 4.0.3
Mozilla Bugzilla 4.0.4
Mozilla Bugzilla 4.1.1
Mozilla Bugzilla 4.2
Mozilla Bugzilla 4.1.2
Mozilla Bugzilla 4.1.3
6.8
CVSSv2
CVE-2009-1213
Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 3.2 prior to 3.2.3, 3.3 prior to 3.3.4, and previous versions allows remote malicious users to hijack the authentication of arbitrary users for requests that use attachment editing.
Mozilla Bugzilla 3.3.2
Mozilla Bugzilla 3.2
Mozilla Bugzilla 3.3.3
Mozilla Bugzilla 3.2.2
Mozilla Bugzilla 3.3
Mozilla Bugzilla 3.2.1
Mozilla Bugzilla 3.3.1
7.5
CVSSv2
CVE-2001-1401
Bugzilla prior to 2.14 does not properly restrict access to confidential bugs, which could allow Bugzilla users to bypass viewing permissions via modified bug id parameters in (1) process_bug.cgi, (2) show_activity.cgi, (3) showvotes.cgi, (4) showdependencytree.cgi, (5) showdepen...
Mozilla Bugzilla 2.10
Mozilla Bugzilla 2.6
Mozilla Bugzilla 2.4
Mozilla Bugzilla 2.12
Mozilla Bugzilla 2.8
Mozilla Bugzilla 2.14
7.5
CVSSv2
CVE-2001-1402
Bugzilla prior to 2.14 does not properly escape untrusted parameters, which could allow remote malicious users to conduct unauthorized activities via cross-site scripting (CSS) and possibly SQL injection attacks on (1) the product or output form variables for reports.cgi, (2) the...
Mozilla Bugzilla 2.10
Mozilla Bugzilla 2.6
Mozilla Bugzilla 2.4
Mozilla Bugzilla 2.12
Mozilla Bugzilla 2.8
Mozilla Bugzilla 2.14
7.5
CVSSv2
CVE-2001-1403
Bugzilla prior to 2.14 includes the username and password in URLs, which could allow malicious users to gain privileges by reading the information from the web server logs, or by "shoulder-surfing" and observing the web browser's location bar.
Mozilla Bugzilla 2.10
Mozilla Bugzilla 2.6
Mozilla Bugzilla 2.4
Mozilla Bugzilla 2.12
Mozilla Bugzilla 2.8
Mozilla Bugzilla 2.14