Bugzilla prior to 2.14 includes the username and password in URLs, which could allow malicious users to gain privileges by reading the information from the web server logs, or by "shoulder-surfing" and observing the web browser's location bar.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla bugzilla 2.14 |
||
mozilla bugzilla 2.4 |
||
mozilla bugzilla 2.10 |
||
mozilla bugzilla 2.12 |
||
mozilla bugzilla 2.6 |
||
mozilla bugzilla 2.8 |