Bugzilla 2.18.x prior to 2.18.6, 2.20.x prior to 2.20.3, 2.22.x prior to 2.22.1, and 2.23.x prior to 2.23.3 allow remote malicious users to obtain (1) the description of arbitrary attachments by viewing the attachment in "diff" mode in attachment.cgi, and (2) the deadline field by viewing the XML format of the bug in show_bug.cgi.

| Vulnerable Product |
|---|
| mozilla bugzilla 2.18.2 |
| mozilla bugzilla 2.18.3 |
| mozilla bugzilla 2.20.1 |
| mozilla bugzilla 2.20.2 |
| mozilla bugzilla 2.18 |
| mozilla bugzilla 2.18.1 |
| mozilla bugzilla 2.20 |
| mozilla bugzilla 2.23.1 |
| mozilla bugzilla 2.23.2 |
| mozilla bugzilla 2.18.4 |
| mozilla bugzilla 2.18.5 |
| mozilla bugzilla 2.22 |
| mozilla bugzilla 2.23 |