Total vulnerabilities in the database
Bugzilla before 2.14 does not properly restrict access to confidential bugs, which could allow Bugzilla users to bypass viewing permissions via modified bug id parameters in (1) process_bug.cgi, (2) show_activity.cgi, (3) showvotes.cgi, (4) showdependencytree.cgi, (5) showdependencygraph.cgi, (6) showattachment.cgi, or (7) describecomponents.cgi.
| Software | From | Fixed in |
|---|---|---|
| mozilla / bugzilla | 2.10 | 2.10.x |
| mozilla / bugzilla | 2.6 | 2.6.x |
| mozilla / bugzilla | 2.4 | 2.4.x |
| mozilla / bugzilla | 2.12 | 2.12.x |
| mozilla / bugzilla | 2.8 | 2.8.x |
| mozilla / bugzilla | 2.14 | 2.14.x |