describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly verify group membership when bug entry groups are used, which allows remote malicious users to list component descriptions for otherwise restricted products.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla bugzilla 2.12 |
||
mozilla bugzilla 2.14 |
||
mozilla bugzilla 2.16.1 |
||
mozilla bugzilla 2.16.2 |
||
mozilla bugzilla 2.8 |
||
mozilla bugzilla 2.14.3 |
||
mozilla bugzilla 2.14.4 |
||
mozilla bugzilla 2.17.3 |
||
mozilla bugzilla 2.17.4 |
||
mozilla bugzilla 2.10 |
||
mozilla bugzilla 2.14.5 |
||
mozilla bugzilla 2.16 |
||
mozilla bugzilla 2.4 |
||
mozilla bugzilla 2.6 |
||
mozilla bugzilla 2.14.1 |
||
mozilla bugzilla 2.14.2 |
||
mozilla bugzilla 2.16.3 |
||
mozilla bugzilla 2.17.1 |