Advisories
Research
Forums
Create Profile
Our Commitment
Database
Search
Advisories by Product
Advisories by Vendor
Terminology
Report Vulnerability
Insecure Library Loading

Vulnerability Report: Bugzilla 3.x

This vulnerability report for Bugzilla 3.x contains a complete overview of all Secunia advisories affecting it. You can use this vulnerability report to ensure that you are aware of all vulnerabilities, both patched and unpatched, affecting this product allowing you to take the necessary precautions.

If you have information about a new or an existing vulnerability in Bugzilla 3.x then you are more than welcome to contact us.


Table of Contents

1. Product Summary Only

2. Secunia Advisory Statistics (All time)
2.1. Statistics for 2014
2.2. Statistics for 2013
2.3. Statistics for 2012
2.4. Statistics for 2011
2.5. Statistics for 2010
2.6. Statistics for 2009
2.7. Statistics for 2008
2.8. Statistics for 2007
2.9. Statistics for 2006
2.10. Statistics for 2005
2.11. Statistics for 2004
2.12. Statistics for 2003

3. List of Secunia Advisories (All time)
3.1. List for 2014
3.2. List for 2013
3.3. List for 2012
3.4. List for 2011
3.5. List for 2010
3.6. List for 2009
3.7. List for 2008
3.8. List for 2007
3.9. List for 2006
3.10. List for 2005
3.11. List for 2004
3.12. List for 2003

4. Send Feedback
 
Vendor, Links, and Unpatched Vulnerabilities

Vendor Mozilla Foundation

Product Link View Here (Link to external site)

Affected By 26 Secunia advisories
62 Vulnerabilities

Monitor Product Receive alerts for this product

Unpatched 8% (2 of 26 Secunia advisories)

Most Critical Unpatched
The most severe unpatched Secunia advisory affecting Bugzilla 3.x, with all vendor patches applied, is rated Less critical .




26 Secunia Advisories in 2003-2014

Secunia has issued a total of 26 Secunia advisories in 2003-2014 for Bugzilla 3.x. Currently, 8% (2 out of 26) are marked as unpatched with the most severe being rated Less critical

More information about the specific Secunia advisories affecting Bugzilla 3.x can be found below. Each Secunia advisory is enclosed by a box highlighted with a color representing its current patch status. You can read the complete Secunia advisories for thorough descriptions of the issues covered and for solution suggestions by clicking either the Secunia advisory title or the "Read More" links available for each Secunia advisory.



Bugzilla Information Disclosure Weakness and Cross-Site Scripting Vulnerability
Vendor Patch. Secunia Advisory 1 of 1 in 2013. 829 views.
Release Date:
2013-02-20
Secunia Advisory ID:
SA52254
Solution Status:
Vendor Patch
Criticality:
Impact:
Cross Site Scripting
Exposure of sensitive information
Where:
From remote
Short Description:
A weakness and a vulnerability has been reported in Bugzilla, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to conduct cross-site scripting attacks. [Read More]


Bugzilla Multiple Vulnerabilities
Vendor Patch. Secunia Advisory 1 of 5 in 2012. 1,293 views.
Release Date:
2012-11-14
Secunia Advisory ID:
SA51265
Solution Status:
Vendor Patch
Criticality:
Impact:
Cross Site Scripting
Exposure of sensitive information
Where:
From remote
Short Description:
A security issue and multiple vulnerabilities have been reported in Bugzilla, which can be exploited by malicious people to disclose potentially sensitive information and conduct cross-site scripting and script insertion attacks. [Read More]


Bugzilla LDAP Injection and Template Disclosure Vulnerabilities
Vendor Patch. Secunia Advisory 2 of 5 in 2012. 1,791 views.
Release Date:
2012-08-31
Secunia Advisory ID:
SA50433
Solution Status:
Vendor Patch
Criticality:
Impact:
Manipulation of data
Exposure of sensitive information
Where:
From remote
Short Description:
A vulnerability and a security issue have been reported in Bugzilla, which can be exploited by malicious people to disclose potentially sensitive information and manipulate certain data. [Read More]


Bugzilla Two Information Disclosure Security Issues
Vendor Patch. Secunia Advisory 3 of 5 in 2012. 3,350 views.
Release Date:
2012-07-27
Secunia Advisory ID:
SA50040
Solution Status:
Vendor Patch
Criticality:
Impact:
Exposure of sensitive information
Where:
From remote
Short Description:
Two security issues have been reported in Bugzilla, which can be exploited by malicious people to disclose potentially sensitive information. [Read More]


Bugzilla Cross-Site Request Forgery Vulnerability
Vendor Patch. Secunia Advisory 4 of 5 in 2012. 1,137 views.
Release Date:
2012-04-19
Secunia Advisory ID:
SA48835
Solution Status:
Vendor Patch
Criticality:
Impact:
Cross Site Scripting
Where:
From remote
Short Description:
A vulnerability has been reported in Bugzilla, which can be exploited by malicious people to conduct cross-site request forgery attacks. [Read More]


Bugzilla Spoofing and Cross-Site Request Forgery Vulnerabilities
Vendor Patch. Secunia Advisory 5 of 5 in 2012. 1,569 views.
Release Date:
2012-02-01
Secunia Advisory ID:
SA47814
Solution Status:
Vendor Patch
Criticality:
Impact:
Cross Site Scripting
Spoofing
Where:
From remote
Short Description:
Two vulnerabilities have been reported in Bugzilla, which can be exploited by malicious users to conduct spoofing attacks and by malicious people to conduct cross-site request forgery attacks. [Read More]


Bugzilla Cross-Site Request Forgery Vulnerability
Unpatched. Secunia Advisory 1 of 4 in 2011. 1,611 views.
Release Date:
2011-12-30
Secunia Advisory ID:
SA47368
Solution Status:
Unpatched
Criticality:
Impact:
Cross Site Scripting
Where:
From remote
Short Description:
A vulnerability has been reported in Bugzilla, which can be exploited by malicious people to conduct cross-site request forgery attacks. [Read More]


Bugzilla Multiple Vulnerabilities
Vendor Patch. Secunia Advisory 2 of 4 in 2011. 1,990 views.
Release Date:
2011-12-30
Secunia Advisory ID:
SA47365
Solution Status:
Vendor Patch
Criticality:
Impact:
Security Bypass
Cross Site Scripting
Where:
From remote
Short Description:
A weakness and two vulnerabilities have been reported in Bugzilla, which can be exploited by malicious users to bypass certain security restrictions and conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks. [Read More]


Bugzilla Multiple Vulnerabilities
Vendor Patch. Secunia Advisory 3 of 4 in 2011. 3,011 views.
Release Date:
2011-08-05
Secunia Advisory ID:
SA45501
Solution Status:
Vendor Patch
Criticality:
Impact:
Cross Site Scripting
Spoofing
Exposure of sensitive information
Where:
From remote
Short Description:
Multiple vulnerabilities have been reported in Bugzilla, which can be exploited by malicious, local users to gain access to potentially sensitive information and by malicious users to disclose potentially sensitive information, conduct script insertion and spoofing attacks. [Read More]


Bugzilla Multiple Vulnerabilities
Vendor Patch. Secunia Advisory 4 of 4 in 2011. 5,209 views.
Release Date:
2011-01-25
Secunia Advisory ID:
SA43033
Solution Status:
Vendor Patch
Criticality:
Impact:
Security Bypass
Cross Site Scripting
Brute force
Where:
From remote
Short Description:
Some vulnerabilities have been reported in Bugzilla, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct HTTP response splitting attacks, cross-site request forgery attacks, and bypass certain security restrictions. [Read More]


Bugzilla Multiple Vulnerabilities
Vendor Patch. Secunia Advisory 1 of 5 in 2010. 2,481 views.
Release Date:
2010-11-03
Secunia Advisory ID:
SA42071
Solution Status:
Vendor Patch
Criticality:
Impact:
Security Bypass
Cross Site Scripting
Where:
From remote
Short Description:
Some vulnerabilities have been reported in Bugzilla, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct HTTP response splitting and cross-site scripting attacks [Read More]


Bugzilla Multiple Weaknesses and Vulnerability
Vendor Patch. Secunia Advisory 2 of 5 in 2010. 3,205 views.
Release Date:
2010-08-06
Secunia Advisory ID:
SA40892
Solution Status:
Vendor Patch
Criticality:
Impact:
Security Bypass
Exposure of sensitive information
DoS
Where:
From remote
Short Description:
Multiple weaknesses and a vulnerability have been reported in Bugzilla, which can be exploited by malicious users to bypass certain security restrictions and cause a DoS (Denial of Service) and by malicious people to disclose potentially sensitive information [Read More]


Bugzilla "data/webdot" and ".bzr" Information Disclosure
Unpatched. Secunia Advisory 3 of 5 in 2010. 1,927 views.
Release Date:
2010-07-02
Secunia Advisory ID:
SA40455
Solution Status:
Unpatched
Criticality:
Impact:
Exposure of sensitive information
Where:
Local system
Short Description:
A security issue has been reported in Bugzilla, which can be exploited by malicious, local users to disclose potentially sensitive information. [Read More]


Bugzilla "Time-Tracking" and "localconfig" Information Disclosure
Vendor Patch. Secunia Advisory 4 of 5 in 2010. 3,505 views.
Release Date:
2010-06-25
Secunia Advisory ID:
SA40300
Solution Status:
Vendor Patch
Criticality:
Impact:
Security Bypass
Exposure of sensitive information
Where:
From remote
Short Description:
Two vulnerabilities have been reported in Bugzilla, which can be exploited by malicious, local users and malicious people to disclose sensitive information. [Read More]


Bugzilla Information Disclosure Weaknesses
Vendor Patch. Secunia Advisory 5 of 5 in 2010. 2,940 views.
Release Date:
2010-02-01
Secunia Advisory ID:
SA38443
Solution Status:
Vendor Patch
Criticality:
Impact:
Exposure of sensitive information
Where:
From remote
Short Description:
Some weaknesses have been reported in Bugzilla, which can lead to the disclosure of sensitive information. [Read More]


Bugzilla Alias Information Leak Weakness
Vendor Patch. Secunia Advisory 1 of 6 in 2009. 2,994 views.
Release Date:
2009-11-19
Secunia Advisory ID:
SA37423
Solution Status:
Vendor Patch
Criticality:
Impact:
Exposure of sensitive information
Where:
From remote
Short Description:
A weakness has been reported in Bugzilla, which can result in the disclosure of potentially sensitive information. [Read More]


Bugzilla Information Disclosure Weakness and SQL Injection Vulnerabilities
Vendor Patch. Secunia Advisory 2 of 6 in 2009. 4,036 views.
Release Date:
2009-09-14
Secunia Advisory ID:
SA36718
Solution Status:
Vendor Patch
Criticality:
Impact:
Manipulation of data
Exposure of sensitive information
Where:
From remote
Short Description:
A weakness and two vulnerabilities have been reported in Bugzilla, which can be exploited by malicious people to disclose potentially sensitive information and by malicious users and malicious people to conduct SQL injection attacks. [Read More]


Bugzilla Product Names Disclosure Security Issue
Vendor Patch. Secunia Advisory 3 of 6 in 2009. 1,919 views.
Release Date:
2009-08-03
Secunia Advisory ID:
SA36071
Solution Status:
Vendor Patch
Criticality:
Impact:
Exposure of sensitive information
Where:
From remote
Short Description:
A security issue has been reported in Bugzilla, which can be exploited by malicious users to disclose sensitive information. [Read More]


Bugzilla "canconfirm" Security Bypass Vulnerability
Vendor Patch. Secunia Advisory 4 of 6 in 2009. 2,865 views.
Release Date:
2009-07-09
Secunia Advisory ID:
SA35739
Solution Status:
Vendor Patch
Criticality:
Impact:
Security Bypass
Where:
From remote
Short Description:
A vulnerability has been reported in Bugzilla, which can be exploited by malicious users to bypass certain security restrictions. [Read More]


Bugzilla "attachment.cgi" Cross-Site Request Forgery Vulnerability
Vendor Patch. Secunia Advisory 5 of 6 in 2009. 3,548 views.
Release Date:
2009-03-31
Secunia Advisory ID:
SA34545
Solution Status:
Vendor Patch
Criticality:
Impact:
Cross Site Scripting
Where:
From remote
Short Description:
A vulnerability has been reported in Bugzilla, which can be exploited by malicious people to conduct cross-site request forgery attacks. [Read More]


Bugzilla Multiple Vulnerabilities
Vendor Patch. Secunia Advisory 6 of 6 in 2009. 5,376 views.
Release Date:
2009-02-03
Secunia Advisory ID:
SA33781
Solution Status:
Vendor Patch
Criticality:
Impact:
Cross Site Scripting
Exposure of sensitive information
Where:
From remote
Short Description:
Some vulnerabilities and a security issue have been reported in Bugzilla, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to potentially disclose sensitive information or to conduct cross-site request forgery attacks. [Read More]


Bugzilla Quips Approval Security Bypass Security Issue
Vendor Patch. Secunia Advisory 1 of 3 in 2008. 4,088 views.
Release Date:
2008-11-07
Secunia Advisory ID:
SA32501
Solution Status:
Vendor Patch
Criticality:
Impact:
Security Bypass
Where:
From remote
Short Description:
A security issue has been reported in Bugzilla, which can be exploited by malicious users to bypass certain security restrictions. [Read More]


Bugzilla importxml.pl Directory Traversal Vulnerability
Vendor Patch. Secunia Advisory 2 of 3 in 2008. 5,021 views.
Release Date:
2008-08-12
Secunia Advisory ID:
SA31444
Solution Status:
Vendor Patch
Criticality:
Impact:
Exposure of system information
Exposure of sensitive information
Where:
From remote
Short Description:
A vulnerability has been reported in Bugzilla, which can be exploited by malicious users to disclose sensitive information. [Read More]


Bugzilla Security Bypass and Cross-Site Scripting Vulnerabilities
Vendor Patch. Secunia Advisory 3 of 3 in 2008. 8,057 views.
Release Date:
2008-05-05
Secunia Advisory ID:
SA30064
Solution Status:
Vendor Patch
Criticality:
Impact:
Security Bypass
Cross Site Scripting
Where:
From remote
Short Description:
Some vulnerabilities have been reported in Bugzilla, which can be exploited by malicious users to bypass certain security restrictions or by malicious people to conduct cross-site scripting attacks. [Read More]


Bugzilla "createemailregexp" Security Bypass Vulnerability
Vendor Patch. Secunia Advisory 1 of 2 in 2007. 11,497 views.
Release Date:
2007-09-19
Secunia Advisory ID:
SA26848
Solution Status:
Vendor Patch
Criticality:
Impact:
Security Bypass
Where:
From remote
Short Description:
A vulnerability has been reported in Bugzilla, which can be exploited by malicious people to bypass certain security restrictions. [Read More]


Bugzilla Security Issue and Multiple Vulnerabilities
Vendor Patch. Secunia Advisory 2 of 2 in 2007. 13,008 views.
Release Date:
2007-08-24
Secunia Advisory ID:
SA26584
Solution Status:
Vendor Patch
Criticality:
Impact:
Cross Site Scripting
Exposure of sensitive information
System access
Where:
From remote
Short Description:
Some vulnerabilities and a security issue have been reported in Bugzilla, which can be exploited by malicious users to inject shell commands, and by malicious people to conduct cross-site scripting attacks and to disclose potentially sensitive information. [Read More]





Discuss this Product
A new thread in our forum is automatically created for each Product. Activate the thread by commenting/discussing below.
Subject: Bugzilla 3.x 
No posts yet

-

You must be logged in to post a comment.



 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability