Filtered by vendor Mozilla
Subscriptions
Filtered by product Bugzilla
Subscriptions
Total
151 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-1564 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | N/A |
| post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows remote authenticated users to "enter bugs into products that are closed for bug entry" by modifying the URL to specify the name of the product. | ||||
| CVE-2005-1563 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | N/A |
| Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a different error message depending on whether a product exists or not, which allows remote attackers to determine hidden products. | ||||
| CVE-2004-1634 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | N/A |
| show_bug.cgi in Bugzilla 2.17.1 through 2.18rc2 and 2.19 from CVS, when using the insidergroup feature and exporting a bug to XML, shows comments and attachment summaries which are marked as private, which allows remote attackers to gain sensitive information. | ||||
| CVE-2004-1633 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | N/A |
| process_bug.cgi in Bugzilla 2.9 through 2.18rc2 and 2.19 from CVS does not check edit permissions on the keywords field, which allows remote authenticated users to modify the keywords in a bug via the keywordaction parameter. | ||||
| CVE-2004-1061 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Bugzilla before 2.18, including 2.16.x before 2.16.11, allows remote attackers to inject arbitrary HTML and web script via forced error messages, as demonstrated using the action parameter. | ||||
| CVE-2004-0706 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | N/A |
| Bugzilla 2.17.5 through 2.17.7 embeds the password in an image URL, which could allow local users to view the password in the web server log files. | ||||
| CVE-2004-0704 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | N/A |
| Unknown vulnerability in (1) duplicates.cgi and (2) buglist.cgi in Bugzilla 2.16.x before 2.16.6, 2.18 before 2.18rc1, when configured to hide products, allows remote attackers to view hidden products. | ||||
| CVE-2004-0703 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | N/A |
| Unknown vulnerability in the administrative controls in Bugzilla 2.17.1 through 2.17.7 allows users with "grant membership" privileges to grant memberships to groups that the user does not control. | ||||
| CVE-2005-3138 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | N/A |
| Bugzilla 2.18rc1 through 2.18.3, 2.19 through 2.20rc2, and 2.21 allows remote attackers to obtain sensitive information such as the list of installed products via the config.cgi file, which is accessible even when the requirelogin parameter is set. | ||||
| CVE-2005-3139 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | N/A |
| Bugzilla 2.19.1 through 2.20rc2 and 2.21, with user matching turned on in substring mode, allows attackers to list all users whose names match an arbitrary substring, even when the usevisibilitygroups parameter is set. | ||||
| CVE-2018-5123 | 1 Mozilla | 1 Bugzilla | 2024-11-21 | N/A |
| A third party website can access information available to a user with access to a restricted bug entry using the image generation in report.cgi in all Bugzilla versions prior to 4.4. | ||||