CVE-2003-1046
describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly verify group membership when bug entry groups are used, which allows remote attackers to list component descriptions for otherwise restricted products.
| Software | From | Fixed in |
|---|---|---|
| mozilla / bugzilla | 2.16.1 | 2.16.1.x |
| mozilla / bugzilla | 2.16.2 | 2.16.2.x |
| mozilla / bugzilla | 2.17.4 | 2.17.4.x |
| mozilla / bugzilla | 2.10 | 2.10.x |
| mozilla / bugzilla | 2.17.1 | 2.17.1.x |
| mozilla / bugzilla | 2.16 | 2.16.x |
| mozilla / bugzilla | 2.14.2 | 2.14.2.x |
| mozilla / bugzilla | 2.14.3 | 2.14.3.x |
| mozilla / bugzilla | 2.14.4 | 2.14.4.x |
| mozilla / bugzilla | 2.12 | 2.12.x |
| mozilla / bugzilla | 2.14 | 2.14.x |
| mozilla / bugzilla | 2.8 | 2.8.x |
| mozilla / bugzilla | 2.17.3 | 2.17.3.x |
| mozilla / bugzilla | 2.14.5 | 2.14.5.x |
| mozilla / bugzilla | 2.4 | 2.4.x |
| mozilla / bugzilla | 2.6 | 2.6.x |
| mozilla / bugzilla | 2.14.1 | 2.14.1.x |
| mozilla / bugzilla | 2.16.3 | 2.16.3.x |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime