Bugzilla 2.17.x, 2.18 prior to 2.18.2, 2.19.x, and 2.20 prior to 2.20rc1 inserts a bug into the database before it is marked private, which introduces a race condition and allows malicious users to access information about the bug via buglist.cgi before MySQL replication is complete.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla bugzilla 2.18 |
||
mozilla bugzilla 2.18.1 |
||
mozilla bugzilla 2.17.1 |
||
mozilla bugzilla 2.17.3 |
||
mozilla bugzilla 2.17.4 |
||
mozilla bugzilla 2.17.6 |
||
mozilla bugzilla 2.19 |
||
mozilla bugzilla 2.19.2 |
||
mozilla bugzilla 2.17.5 |
||
mozilla bugzilla 2.17.7 |
||
mozilla bugzilla 2.19.1 |
||
mozilla bugzilla 2.19.3 |