Vulnerabilities > Mozilla > Bugzilla > 2.14.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-11-05 | CVE-2010-3172 | Code Injection vulnerability in Mozilla Bugzilla CRLF injection vulnerability in Bugzilla before 3.2.9, 3.4.x before 3.4.9, 3.6.x before 3.6.3, and 4.0.x before 4.0rc1, when Server Push is enabled in a web browser, allows remote attackers to inject arbitrary HTTP headers and content, and conduct HTTP response splitting attacks, via a crafted URL. | 2.6 |
2010-02-03 | CVE-2009-3989 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Bugzilla Bugzilla before 3.0.11, 3.2.x before 3.2.6, 3.4.x before 3.4.5, and 3.5.x before 3.5.3 does not block access to files and directories that are used by custom installations, which allows remote attackers to obtain sensitive information via requests for (1) CVS/, (2) contrib/, (3) docs/en/xml/, (4) t/, or (5) old-params.txt. | 4.3 |
2009-02-09 | CVE-2009-0483 | Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Bugzilla Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.22 before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote attackers to delete keywords and user preferences via a link or IMG tag to (1) editkeywords.cgi or (2) userprefs.cgi. | 5.8 |
2009-02-09 | CVE-2009-0482 | Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Bugzilla Cross-site request forgery (CSRF) vulnerability in Bugzilla before 3.2 before 3.2.1, 3.3 before 3.3.2, and other versions before 3.2 allows remote attackers to perform bug updating activities as other users via a link or IMG tag to process_bug.cgi. | 5.8 |
2009-02-09 | CVE-2009-0481 | Cross-Site Scripting vulnerability in Mozilla Bugzilla Bugzilla 2.x before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and 3.3 before 3.3.2 allows remote authenticated users to conduct cross-site scripting (XSS) and related attacks by uploading HTML and JavaScript attachments that are rendered by web browsers. | 3.5 |
2008-05-07 | CVE-2008-2105 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Bugzilla email_in.pl in Bugzilla 2.23.4, 3.0.x before 3.0.4, and 3.1.x before 3.1.4 allows remote authenticated users to more easily spoof the changer of a bug via a @reporter command in the body of an e-mail message, which overrides the e-mail address as normally obtained from the From e-mail header. | 3.5 |
2006-10-23 | CVE-2006-5455 | Input Validation and Information disclosure vulnerability in Mozilla Bugzilla Cross-site request forgery (CSRF) vulnerability in editversions.cgi in Bugzilla before 2.22.1 and 2.23.x before 2.23.3 allows user-assisted remote attackers to create, modify, or delete arbitrary bug reports via a crafted URL. | 2.6 |
2005-12-28 | CVE-2005-4534 | Unspecified vulnerability in Mozilla Bugzilla The shadow database feature (syncshadowdb) in Bugzilla 2.9 through 2.16.10 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | 7.5 |
2005-05-14 | CVE-2005-1563 | Information Disclosure vulnerability in Bugzilla Hidden Product Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a different error message depending on whether a product exists or not, which allows remote attackers to determine hidden products. | 5.0 |
2005-05-12 | CVE-2005-1565 | Information Disclosure vulnerability in Bugzilla Authentication Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is prompted to log in while attempting to view a chart, displays the password in the URL, which may allow local users to gain sensitive information from web logs or browser history. | 5.0 |