Filtered by vendor Mozilla
Subscriptions
Filtered by product Bugzilla
Subscriptions
Total
151 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-2759 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| Bugzilla 2.23.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2, when PostgreSQL is used, does not properly handle large integers in (1) bug and (2) attachment phrases, which allows remote authenticated users to cause a denial of service (bug invisibility) via a crafted comment. | ||||
| CVE-2010-3172 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| CRLF injection vulnerability in Bugzilla before 3.2.9, 3.4.x before 3.4.9, 3.6.x before 3.6.3, and 4.0.x before 4.0rc1, when Server Push is enabled in a web browser, allows remote attackers to inject arbitrary HTTP headers and content, and conduct HTTP response splitting attacks, via a crafted URL. | ||||
| CVE-2010-3764 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| The Old Charts implementation in Bugzilla 2.12 through 3.2.8, 3.4.8, 3.6.2, 3.7.3, and 4.1 creates graph files with predictable names in graphs/, which allows remote attackers to obtain sensitive information via a modified URL. | ||||
| CVE-2010-4567 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 does not properly handle whitespace preceding a (1) javascript: or (2) data: URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the URL (aka bug_file_loc) field. | ||||
| CVE-2010-4569 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Bugzilla 3.7.1, 3.7.2, 3.7.3, and 4.0rc1 allows remote attackers to inject arbitrary web script or HTML via the real name field of a user account, related to the AutoComplete widget in YUI. | ||||
| CVE-2010-4570 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the duplicate-detection functionality in Bugzilla 3.7.1, 3.7.2, 3.7.3, and 4.0rc1 allows remote attackers to inject arbitrary web script or HTML via the summary field, related to the DataTable widget in YUI. | ||||
| CVE-2012-1969 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| The get_attachment_link function in Template.pm in Bugzilla 2.x and 3.x before 3.6.10, 3.7.x and 4.0.x before 4.0.7, 4.1.x and 4.2.x before 4.2.2, and 4.3.x before 4.3.2 does not check whether an attachment is private before presenting the attachment description within a public comment, which allows remote attackers to obtain sensitive description information by reading a comment. | ||||
| CVE-2011-0046 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 allow remote attackers to hijack the authentication of arbitrary users for requests related to (1) adding a saved search in buglist.cgi, (2) voting in votes.cgi, (3) sanity checking in sanitycheck.cgi, (4) creating or editing a chart in chart.cgi, (5) column changing in colchange.cgi, and (6) adding, deleting, or approving a quip in quips.cgi. | ||||
| CVE-2013-1734 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that commit an attachment change via an update action. | ||||
| CVE-2011-2976 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Bugzilla 2.16rc1 through 2.22.7, 3.0.x through 3.3.x, and 3.4.x before 3.4.12 allows remote attackers to inject arbitrary web script or HTML via vectors involving a BUGLIST cookie. | ||||
| CVE-2012-4198 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| The User.get method in Bugzilla/WebService/User.pm in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 has a different outcome for a groups request depending on whether a group exists, which allows remote authenticated users to discover private group names by observing whether a call throws an error. | ||||
| CVE-2011-2978 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| Bugzilla 2.16rc1 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 does not prevent changes to the confirmation e-mail address (aka old_email field) for e-mail change notifications, which makes it easier for remote attackers to perform arbitrary address changes by leveraging an unattended workstation. | ||||
| CVE-2011-2979 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| Bugzilla 4.1.x before 4.1.3 generates different responses for certain assignee queries depending on whether the group name is valid, which allows remote attackers to determine the existence of private group names via a custom search. NOTE: this vulnerability exists because of a CVE-2010-2756 regression. | ||||
| CVE-2011-3657 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.x and 3.x before 3.4.13, 3.5.x and 3.6.x before 3.6.7, 3.7.x and 4.0.x before 4.0.3, and 4.1.x through 4.1.3, when debug mode is used, allow remote attackers to inject arbitrary web script or HTML via vectors involving a (1) tabular report, (2) graphical report, or (3) new chart. | ||||
| CVE-2011-3668 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in post_bug.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2rc1 allows remote attackers to hijack the authentication of arbitrary users for requests that create bug reports. | ||||
| CVE-2011-3669 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2rc1 allows remote attackers to hijack the authentication of arbitrary users for requests that upload attachments. | ||||
| CVE-2012-0440 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in jsonrpc.cgi in Bugzilla 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 allows remote attackers to hijack the authentication of arbitrary users for requests that use the JSON-RPC API. | ||||
| CVE-2012-0453 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in xmlrpc.cgi in Bugzilla 4.0.2 through 4.0.4 and 4.1.1 through 4.2rc2, when mod_perl is used, allows remote attackers to hijack the authentication of arbitrary users for requests that modify the product's installation via the XML-RPC API. | ||||
| CVE-2012-0465 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| Bugzilla 3.5.x and 3.6.x before 3.6.9, 3.7.x and 4.0.x before 4.0.6, and 4.1.x and 4.2.x before 4.2.1, when the inbound_proxies option is enabled, does not properly validate the X-Forwarded-For HTTP header, which allows remote attackers to bypass the lockout policy via a series of authentication requests with (1) different IP address strings in this header or (2) a long string in this header. | ||||
| CVE-2010-4207 | 3 Moodle, Mozilla, Yahoo | 3 Moodle, Bugzilla, Yui | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to charts/assets/charts.swf. | ||||