Mozilla

Bugzilla

145 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 1.7%
  • Veröffentlicht 03.02.2010 19:30:00
  • Zuletzt bearbeitet 16.06.2026 23:11:30

Bugzilla 3.3.1 through 3.4.4, 3.5.1, and 3.5.2 does not allow group restrictions to be preserved throughout the process of moving a bug to a different product category, which allows remote attackers to obtain sensitive information via a request for a...

  • EPSS 1.53%
  • Veröffentlicht 03.02.2010 19:30:00
  • Zuletzt bearbeitet 16.06.2026 23:12:46

Bugzilla before 3.0.11, 3.2.x before 3.2.6, 3.4.x before 3.4.5, and 3.5.x before 3.5.3 does not block access to files and directories that are used by custom installations, which allows remote attackers to obtain sensitive information via requests fo...

  • EPSS 1.73%
  • Veröffentlicht 20.11.2009 17:30:00
  • Zuletzt bearbeitet 16.06.2026 23:11:30

Template.pm in Bugzilla 3.3.2 through 3.4.3 and 3.5 through 3.5.1 allows remote attackers to discover the alias of a private bug by reading the (1) Depends On or (2) Blocks field of a related bug.

  • EPSS 1.39%
  • Veröffentlicht 15.09.2009 22:30:00
  • Zuletzt bearbeitet 16.06.2026 23:10:59

SQL injection vulnerability in the Bug.search WebService function in Bugzilla 3.3.2 through 3.4.1, and 3.5, allows remote attackers to execute arbitrary SQL commands via unspecified parameters.

  • EPSS 1.39%
  • Veröffentlicht 15.09.2009 22:30:00
  • Zuletzt bearbeitet 16.06.2026 23:11:03

SQL injection vulnerability in the Bug.create WebService function in Bugzilla 2.23.4 through 3.0.8, 3.1.1 through 3.2.4, and 3.3.1 through 3.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters.

  • EPSS 1.16%
  • Veröffentlicht 15.09.2009 22:30:00
  • Zuletzt bearbeitet 16.06.2026 23:11:03

token.cgi in Bugzilla 3.4rc1 through 3.4.1 places a password in a URL at the beginning of a login session that occurs immediately after a password reset, which allows context-dependent attackers to discover passwords by reading (1) web-server access ...

  • EPSS 0.69%
  • Veröffentlicht 01.04.2009 10:30:00
  • Zuletzt bearbeitet 16.06.2026 23:06:47

Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 3.2 before 3.2.3, 3.3 before 3.3.4, and earlier versions allows remote attackers to hijack the authentication of arbitrary users for requests that use attachment editing.

  • EPSS 1.15%
  • Veröffentlicht 09.02.2009 18:30:00
  • Zuletzt bearbeitet 16.06.2026 23:01:36

Bugzilla 3.2 before 3.2 RC2, 3.0 before 3.0.6, 2.22 before 2.22.6, 2.20 before 2.20.7, and other versions after 2.17.4 allows remote authenticated users to bypass moderation to approve and disapprove quips via a direct request to quips.cgi with the a...

  • EPSS 0.74%
  • Veröffentlicht 09.02.2009 17:30:00
  • Zuletzt bearbeitet 16.06.2026 23:05:07

Bugzilla 2.x before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote authenticated users to conduct cross-site scripting (XSS) and related attacks by uploading HTML and JavaScript attachments that are rendered by web bro...

  • EPSS 0.5%
  • Veröffentlicht 09.02.2009 17:30:00
  • Zuletzt bearbeitet 16.06.2026 23:05:08

Cross-site request forgery (CSRF) vulnerability in Bugzilla before 3.2 before 3.2.1, 3.3 before 3.3.2, and other versions before 3.2 allows remote attackers to perform bug updating activities as other users via a link or IMG tag to process_bug.cgi.