ReportizFlow
Filtered by vendor Mozilla
Subscriptions
Filtered by product Bugzilla
Subscriptions
Total
151 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-7292 | 2 Microsoft, Mozilla | 2 Windows, Bugzilla | 2025-04-11 | N/A |
| Bugzilla 2.20.x before 2.20.5, 2.22.x before 2.22.3, and 3.0.x before 3.0.3 on Windows does not delete the temporary files associated with uploaded attachments, which allows local users to obtain sensitive information by reading these files, a different vulnerability than CVE-2011-2977. | ||||
| CVE-2012-3981 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| Auth/Verify/LDAP.pm in Bugzilla 2.x and 3.x before 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 does not restrict the characters in a username, which might allow remote attackers to inject data into an LDAP directory via a crafted login attempt. | ||||
| CVE-2013-1743 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in report.cgi in Bugzilla 4.1.x and 4.2.x before 4.2.7 and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as demonstrated by the (1) summary or (2) real name field. NOTE: this issue exists because of an incomplete fix for CVE-2012-4189. | ||||
| CVE-2011-0046 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 allow remote attackers to hijack the authentication of arbitrary users for requests related to (1) adding a saved search in buglist.cgi, (2) voting in votes.cgi, (3) sanity checking in sanitycheck.cgi, (4) creating or editing a chart in chart.cgi, (5) column changing in colchange.cgi, and (6) adding, deleting, or approving a quip in quips.cgi. | ||||
| CVE-2010-2759 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| Bugzilla 2.23.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2, when PostgreSQL is used, does not properly handle large integers in (1) bug and (2) attachment phrases, which allows remote authenticated users to cause a denial of service (bug invisibility) via a crafted comment. | ||||
| CVE-2010-4567 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 does not properly handle whitespace preceding a (1) javascript: or (2) data: URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the URL (aka bug_file_loc) field. | ||||
| CVE-2010-4207 | 3 Moodle, Mozilla, Yahoo | 3 Moodle, Bugzilla, Yui | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to charts/assets/charts.swf. | ||||
| CVE-2012-5884 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| The User.get method in Bugzilla/WebService/User.pm in Bugzilla 4.3.2 allows remote attackers to obtain sensitive information about the saved searches of arbitrary users via an XMLRPC request or a JSONRPC request, a different vulnerability than CVE-2012-4198. | ||||
| CVE-2012-1968 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| Bugzilla 4.1.x and 4.2.x before 4.2.2 and 4.3.x before 4.3.2 uses bug-editor privileges instead of bugmail-recipient privileges during construction of HTML bugmail documents, which allows remote attackers to obtain sensitive description information by reading the tooltip portions of an HTML e-mail message. | ||||
| CVE-2010-4208 | 3 Moodle, Mozilla, Yahoo | 3 Moodle, Bugzilla, Yui | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader/assets/uploader.swf. | ||||
| CVE-2012-0448 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| Bugzilla 2.x and 3.x before 3.4.14, 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 does not reject non-ASCII characters in e-mail addresses of new user accounts, which makes it easier for remote authenticated users to spoof other user accounts by choosing a similar e-mail address. | ||||
| CVE-2012-5883 | 2 Mozilla, Yahoo | 2 Bugzilla, Yui | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209. | ||||
| CVE-2010-4572 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| CRLF injection vulnerability in chart.cgi in Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the query string, a different vulnerability than CVE-2010-2761 and CVE-2010-4411. | ||||
| CVE-2012-1969 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| The get_attachment_link function in Template.pm in Bugzilla 2.x and 3.x before 3.6.10, 3.7.x and 4.0.x before 4.0.7, 4.1.x and 4.2.x before 4.2.2, and 4.3.x before 4.3.2 does not check whether an attachment is private before presenting the attachment description within a public comment, which allows remote attackers to obtain sensitive description information by reading a comment. | ||||
| CVE-2010-4209 | 2 Mozilla, Yahoo | 2 Bugzilla, Yui | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.8.1, as used in Bugzilla 3.7.1 through 3.7.3 and 4.1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore/swfstore.swf. | ||||
| CVE-2012-0466 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| template/en/default/list/list.js.tmpl in Bugzilla 2.x and 3.x before 3.6.9, 3.7.x and 4.0.x before 4.0.6, and 4.1.x and 4.2.x before 4.2.1 does not properly handle multiple logins, which allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive bug information via a crafted web page. | ||||
| CVE-2012-0465 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| Bugzilla 3.5.x and 3.6.x before 3.6.9, 3.7.x and 4.0.x before 4.0.6, and 4.1.x and 4.2.x before 4.2.1, when the inbound_proxies option is enabled, does not properly validate the X-Forwarded-For HTTP header, which allows remote attackers to bypass the lockout policy via a series of authentication requests with (1) different IP address strings in this header or (2) a long string in this header. | ||||
| CVE-2012-4189 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Bugzilla 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as demonstrated by the Version field. | ||||
| CVE-2013-1734 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that commit an attachment change via an update action. | ||||
| CVE-2011-2381 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| CRLF injection vulnerability in Bugzilla 2.17.1 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 allows remote attackers to inject arbitrary e-mail headers via an attachment description in a flagmail notification. | ||||