Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mozilla bugzilla 2.23.3 vulnerabilities and exploits
(subscribe to this query)
2.6
CVSSv2
CVE-2006-5455
Cross-site request forgery (CSRF) vulnerability in editversions.cgi in Bugzilla prior to 2.22.1 and 2.23.x prior to 2.23.3 allows user-assisted remote malicious users to create, modify, or delete arbitrary bug reports via a crafted URL.
Mozilla Bugzilla 2.23
Mozilla Bugzilla 2.23.1
Mozilla Bugzilla 2.23.2
Mozilla Bugzilla
6.8
CVSSv2
CVE-2011-3668
Cross-site request forgery (CSRF) vulnerability in post_bug.cgi in Bugzilla 2.x, 3.x, and 4.x prior to 4.2rc1 allows remote malicious users to hijack the authentication of arbitrary users for requests that create bug reports.
Mozilla Bugzilla 2.20
Mozilla Bugzilla 2.22
Mozilla Bugzilla 2.21
Mozilla Bugzilla 2.4
Mozilla Bugzilla 2.23.3
Mozilla Bugzilla 2.16.6
Mozilla Bugzilla 2.16.11
Mozilla Bugzilla 2.16.10
Mozilla Bugzilla 2.23.4
Mozilla Bugzilla 2.14.2
Mozilla Bugzilla 2.18.3
Mozilla Bugzilla 2.17.7
Mozilla Bugzilla 2.17.6
Mozilla Bugzilla 2.16.8
Mozilla Bugzilla 2.16.9
Mozilla Bugzilla 2.20.4
Mozilla Bugzilla 2.0
Mozilla Bugzilla 2.18.9
Mozilla Bugzilla 2.2
Mozilla Bugzilla 2.22.6
Mozilla Bugzilla 2.22.7
Mozilla Bugzilla 2.19.2
6.8
CVSSv2
CVE-2011-3669
Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.x prior to 4.2rc1 allows remote malicious users to hijack the authentication of arbitrary users for requests that upload attachments.
Mozilla Bugzilla 2.19
Mozilla Bugzilla 2.19.1
Mozilla Bugzilla 2.20.3
Mozilla Bugzilla 2.20
Mozilla Bugzilla 2.23
Mozilla Bugzilla 2.22.1
Mozilla Bugzilla 2.8
Mozilla Bugzilla 2.16.5
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.14.5
Mozilla Bugzilla 2.14.3
Mozilla Bugzilla 2.18
Mozilla Bugzilla 2.17.3
Mozilla Bugzilla 2.22.2
Mozilla Bugzilla 2.12
Mozilla Bugzilla 2.18.6
Mozilla Bugzilla 2.18.6\\+
Mozilla Bugzilla 2.20.7
Mozilla Bugzilla 2.21.2
Mozilla Bugzilla 2.22.3
Mozilla Bugzilla 2.18.4
Mozilla Bugzilla 2.18.5
6.8
CVSSv2
CVE-2011-3667
The User.offer_account_by_email WebService method in Bugzilla 2.x and 3.x prior to 3.4.13, 3.5.x and 3.6.x prior to 3.6.7, 3.7.x and 4.0.x prior to 4.0.3, and 4.1.x up to and including 4.1.3, when createemailregexp is not empty, does not properly handle user_can_create_account se...
Mozilla Bugzilla 3.3.1
Mozilla Bugzilla 3.7.2
Mozilla Bugzilla 3.0.0
Mozilla Bugzilla 3.1.1
Mozilla Bugzilla 3.0.5
Mozilla Bugzilla 3.0.6
Mozilla Bugzilla 3.2.4
Mozilla Bugzilla 3.2.5
Mozilla Bugzilla 3.3.4
Mozilla Bugzilla 3.4
Mozilla Bugzilla 3.0
Mozilla Bugzilla 3.7.3
Mozilla Bugzilla 3.0.1
Mozilla Bugzilla 3.0.10
Mozilla Bugzilla 3.0.11
Mozilla Bugzilla 3.0.9
Mozilla Bugzilla 3.2.10
Mozilla Bugzilla 3.2.8
Mozilla Bugzilla 3.2.9
Mozilla Bugzilla 3.4.12
Mozilla Bugzilla 3.4.2
Mozilla Bugzilla 3.4.9
4.3
CVSSv2
CVE-2011-3657
Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.x and 3.x prior to 3.4.13, 3.5.x and 3.6.x prior to 3.6.7, 3.7.x and 4.0.x prior to 4.0.3, and 4.1.x up to and including 4.1.3, when debug mode is used, allow remote malicious users to inject arbitrary web script o...
Mozilla Bugzilla 3.7.1
Mozilla Bugzilla 3.3.1
Mozilla Bugzilla 3.7.2
Mozilla Bugzilla 3.0.0
Mozilla Bugzilla 3.1.1
Mozilla Bugzilla 3.0.4
Mozilla Bugzilla 3.0.5
Mozilla Bugzilla 3.2.3
Mozilla Bugzilla 3.2.4
Mozilla Bugzilla 3.2.5
Mozilla Bugzilla 3.3.4
Mozilla Bugzilla 3.4
Mozilla Bugzilla 3.4.4
Mozilla Bugzilla 3.4.5
Mozilla Bugzilla 3.5.2
Mozilla Bugzilla 3.5.3
Mozilla Bugzilla 3.6.5
Mozilla Bugzilla 3.2
Mozilla Bugzilla 3.0
Mozilla Bugzilla 3.7.3
Mozilla Bugzilla 3.0.1
Mozilla Bugzilla 3.1.3
4.3
CVSSv2
CVE-2012-1969
The get_attachment_link function in Template.pm in Bugzilla 2.x and 3.x prior to 3.6.10, 3.7.x and 4.0.x prior to 4.0.7, 4.1.x and 4.2.x prior to 4.2.2, and 4.3.x prior to 4.3.2 does not check whether an attachment is private before presenting the attachment description within a ...
Mozilla Bugzilla 2.22.7
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.20
Mozilla Bugzilla 2.22
Mozilla Bugzilla 2.21
Mozilla Bugzilla 2.4
Mozilla Bugzilla 2.2
Mozilla Bugzilla 2.0
Mozilla Bugzilla 2.19.2
Mozilla Bugzilla 2.19.3
Mozilla Bugzilla 2.21.1
Mozilla Bugzilla 2.23.1
Mozilla Bugzilla 2.23.2
Mozilla Bugzilla 2.9
Mozilla Bugzilla 2.16.6
Mozilla Bugzilla 2.16.11
Mozilla Bugzilla 2.23.4
Mozilla Bugzilla 2.21.2
Mozilla Bugzilla 2.18.2
Mozilla Bugzilla 2.18.3
Mozilla Bugzilla 2.17.4
Mozilla Bugzilla 2.22.3
5
CVSSv2
CVE-2012-3981
Auth/Verify/LDAP.pm in Bugzilla 2.x and 3.x prior to 3.6.11, 3.7.x and 4.0.x prior to 4.0.8, 4.1.x and 4.2.x prior to 4.2.3, and 4.3.x prior to 4.3.3 does not restrict the characters in a username, which might allow remote malicious users to inject data into an LDAP directory via...
Mozilla Bugzilla 2.18.6\\+
Mozilla Bugzilla 2.19.1
Mozilla Bugzilla 2.18.4
Mozilla Bugzilla 2.20.3
Mozilla Bugzilla 2.20
Mozilla Bugzilla 2.22.1
Mozilla Bugzilla 2.22
Mozilla Bugzilla 2.17.2
Mozilla Bugzilla 2.16.5
Mozilla Bugzilla 2.16.3
Mozilla Bugzilla 2.16.2
Mozilla Bugzilla 2.14.1
Mozilla Bugzilla 2.14.4
Mozilla Bugzilla 2.18
Mozilla Bugzilla 2.20.6
Mozilla Bugzilla 2.17.6
Mozilla Bugzilla 2.17.1
Mozilla Bugzilla 2.22.2
Mozilla Bugzilla 2.0
Mozilla Bugzilla 2.19
Mozilla Bugzilla 2.19.3
Mozilla Bugzilla 2.20.2
4
CVSSv2
CVE-2012-0466
template/en/default/list/list.js.tmpl in Bugzilla 2.x and 3.x prior to 3.6.9, 3.7.x and 4.0.x prior to 4.0.6, and 4.1.x and 4.2.x prior to 4.2.1 does not properly handle multiple logins, which allows remote malicious users to conduct cross-site scripting (XSS) attacks and obtain ...
Mozilla Bugzilla 2.22.7
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.20
Mozilla Bugzilla 2.19.2
Mozilla Bugzilla 2.22
Mozilla Bugzilla 2.21
Mozilla Bugzilla 2.4
Mozilla Bugzilla 2.23.3
Mozilla Bugzilla 2.23.2
Mozilla Bugzilla 2.16.7
Mozilla Bugzilla 2.16.6
Mozilla Bugzilla 2.16.1
Mozilla Bugzilla 2.18.1
Mozilla Bugzilla 2.18.2
Mozilla Bugzilla 2.22.4
Mozilla Bugzilla 2.17.4
Mozilla Bugzilla 2.18.9
Mozilla Bugzilla 2.16.9
Mozilla Bugzilla 2.18.6\\+
Mozilla Bugzilla 2.20.7
Mozilla Bugzilla 2.18.5
Mozilla Bugzilla 2.20.1
4
CVSSv2
CVE-2012-0448
Bugzilla 2.x and 3.x prior to 3.4.14, 3.5.x and 3.6.x prior to 3.6.8, 3.7.x and 4.0.x prior to 4.0.4, and 4.1.x and 4.2.x prior to 4.2rc2 does not reject non-ASCII characters in e-mail addresses of new user accounts, which makes it easier for remote authenticated users to spoof o...
Mozilla Bugzilla 2.18.6\\+
Mozilla Bugzilla 2.20.7
Mozilla Bugzilla 2.18.4
Mozilla Bugzilla 2.18.5
Mozilla Bugzilla 2.20.1
Mozilla Bugzilla 2.21.2
Mozilla Bugzilla 2.22
Mozilla Bugzilla 2.6
Mozilla Bugzilla 2.17.2
Mozilla Bugzilla 2.16.4
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.14.5
Mozilla Bugzilla 2.14.4
Mozilla Bugzilla 2.14.3
Mozilla Bugzilla 2.18
Mozilla Bugzilla 2.20.5
Mozilla Bugzilla 2.16.8
Mozilla Bugzilla 2.22.2
Mozilla Bugzilla 2.22.6
Mozilla Bugzilla 3.0
Mozilla Bugzilla 3.0.7
Mozilla Bugzilla 3.0.11
5
CVSSv2
CVE-2012-4197
Bugzilla/Attachment.pm in attachment.cgi in Bugzilla 2.x and 3.x prior to 3.6.12, 3.7.x and 4.0.x prior to 4.0.9, 4.1.x and 4.2.x prior to 4.2.4, and 4.3.x and 4.4.x prior to 4.4rc1 allows remote malicious users to read attachment descriptions from private bugs via an obsolete=1 ...
Mozilla Bugzilla 2.18.6\\+
Mozilla Bugzilla 2.20.7
Mozilla Bugzilla 2.18.4
Mozilla Bugzilla 2.18.5
Mozilla Bugzilla 2.20
Mozilla Bugzilla 2.20.1
Mozilla Bugzilla 2.22.1
Mozilla Bugzilla 2.22
Mozilla Bugzilla 2.6
Mozilla Bugzilla 2.17.2
Mozilla Bugzilla 2.16.4
Mozilla Bugzilla 2.16.2
Mozilla Bugzilla 2.16
Mozilla Bugzilla 2.14.4
Mozilla Bugzilla 2.14.3
Mozilla Bugzilla 2.18
Mozilla Bugzilla 2.17.6
Mozilla Bugzilla 2.20.5
Mozilla Bugzilla 2.22.2
Mozilla Bugzilla 2.22.6
Mozilla Bugzilla 2.19
Mozilla Bugzilla 2.19.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »