Vulnerabilities > Mozilla > Bugzilla > 3.5.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-08-16 | CVE-2010-2758 | Information Exposure vulnerability in Mozilla Bugzilla Bugzilla 2.17.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 generates different error messages depending on whether a product exists, which makes it easier for remote attackers to guess product names via unspecified use of the (1) Reports or (2) Duplicates page. | 5.0 |
2010-08-16 | CVE-2010-2757 | Cryptographic Issues vulnerability in Mozilla Bugzilla The sudo feature in Bugzilla 2.22rc1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 does not properly send impersonation notifications, which makes it easier for remote authenticated users to impersonate other users without discovery. | 6.5 |
2010-08-16 | CVE-2010-2756 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Bugzilla Search.pm in Bugzilla 2.19.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 allows remote attackers to determine the group memberships of arbitrary users via vectors involving the Search interface, boolean charts, and group-based pronouns. | 5.0 |
2010-06-28 | CVE-2010-2470 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Bugzilla Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 through 3.7.1, when use_suexec is enabled, uses world-readable permissions within (1) .bzr/ and (2) data/webdot/, which allows local users to obtain potentially sensitive data by reading files in these directories, a different vulnerability than CVE-2010-0180. | 1.9 |
2010-06-28 | CVE-2010-1204 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Bugzilla Search.pm in Bugzilla 2.17.1 through 3.2.6, 3.3.1 through 3.4.6, 3.5.1 through 3.6, and 3.7 allows remote attackers to obtain potentially sensitive time-tracking information via a crafted search URL, related to a "boolean chart search." | 5.0 |
2010-06-28 | CVE-2010-0180 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Bugzilla Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6 and 3.7, when use_suexec is enabled, uses world-readable permissions for the localconfig files, which allows local users to read sensitive configuration fields, as demonstrated by the database password field and the site_wide_secret field. | 1.9 |