Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2010-2756

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-13 Aug, 2010 | 19:00
Updated At-07 Aug, 2024 | 02:46
Rejected At-
Credits

Search.pm in Bugzilla 2.19.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 allows remote attackers to determine the group memberships of arbitrary users via vectors involving the Search interface, boolean charts, and group-based pronouns.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:13 Aug, 2010 | 19:00
Updated At:07 Aug, 2024 | 02:46
Rejected At:
â–¼CVE Numbering Authority (CNA)

Search.pm in Bugzilla 2.19.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 allows remote attackers to determine the group memberships of arbitrary users via vectors involving the Search interface, boolean charts, and group-based pronouns.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.vupen.com/english/advisories/2010/2035
vdb-entry
x_refsource_VUPEN
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046534.html
vendor-advisory
x_refsource_FEDORA
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html
vendor-advisory
x_refsource_FEDORA
http://secunia.com/advisories/40892
third-party-advisory
x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=623423
x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046546.html
vendor-advisory
x_refsource_FEDORA
http://www.securityfocus.com/bid/42275
vdb-entry
x_refsource_BID
https://bugzilla.mozilla.org/show_bug.cgi?id=417048
x_refsource_CONFIRM
http://www.bugzilla.org/security/3.2.7/
x_refsource_CONFIRM
http://secunia.com/advisories/41128
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2010/2205
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.vupen.com/english/advisories/2010/2035
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046534.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://secunia.com/advisories/40892
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=623423
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046546.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.securityfocus.com/bid/42275
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=417048
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.bugzilla.org/security/3.2.7/
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/41128
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2010/2205
Resource:
vdb-entry
x_refsource_VUPEN
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.vupen.com/english/advisories/2010/2035
vdb-entry
x_refsource_VUPEN
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046534.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://secunia.com/advisories/40892
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=623423
x_refsource_CONFIRM
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046546.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.securityfocus.com/bid/42275
vdb-entry
x_refsource_BID
x_transferred
https://bugzilla.mozilla.org/show_bug.cgi?id=417048
x_refsource_CONFIRM
x_transferred
http://www.bugzilla.org/security/3.2.7/
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/41128
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2010/2205
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2010/2035
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046534.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://secunia.com/advisories/40892
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=623423
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046546.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/42275
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=417048
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.bugzilla.org/security/3.2.7/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/41128
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2010/2205
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:16 Aug, 2010 | 15:14
Updated At:11 Apr, 2025 | 00:51

Search.pm in Bugzilla 2.19.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 allows remote attackers to determine the group memberships of arbitrary users via vectors involving the Search interface, boolean charts, and group-based pronouns.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
Mozilla Corporation
mozilla
>>bugzilla>>2.2
cpe:2.3:a:mozilla:bugzilla:2.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>bugzilla>>2.4
cpe:2.3:a:mozilla:bugzilla:2.4:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>bugzilla>>2.6
cpe:2.3:a:mozilla:bugzilla:2.6:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>bugzilla>>2.8
cpe:2.3:a:mozilla:bugzilla:2.8:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>bugzilla>>2.9
cpe:2.3:a:mozilla:bugzilla:2.9:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>bugzilla>>2.19.1
cpe:2.3:a:mozilla:bugzilla:2.19.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>bugzilla>>2.19.2
cpe:2.3:a:mozilla:bugzilla:2.19.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>bugzilla>>2.19.3
cpe:2.3:a:mozilla:bugzilla:2.19.3:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>bugzilla>>2.20
cpe:2.3:a:mozilla:bugzilla:2.20:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>bugzilla>>2.20
cpe:2.3:a:mozilla:bugzilla:2.20:rc1:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>bugzilla>>2.20
cpe:2.3:a:mozilla:bugzilla:2.20:rc2:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>bugzilla>>2.20.1
cpe:2.3:a:mozilla:bugzilla:2.20.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>bugzilla>>2.20.2
cpe:2.3:a:mozilla:bugzilla:2.20.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>bugzilla>>2.20.3
cpe:2.3:a:mozilla:bugzilla:2.20.3:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>bugzilla>>2.20.4
cpe:2.3:a:mozilla:bugzilla:2.20.4:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>bugzilla>>2.20.5
cpe:2.3:a:mozilla:bugzilla:2.20.5:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>bugzilla>>2.20.6
cpe:2.3:a:mozilla:bugzilla:2.20.6:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>bugzilla>>2.20.7
cpe:2.3:a:mozilla:bugzilla:2.20.7:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>bugzilla>>2.21
cpe:2.3:a:mozilla:bugzilla:2.21:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>bugzilla>>2.21.1
cpe:2.3:a:mozilla:bugzilla:2.21.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>bugzilla>>2.21.2
cpe:2.3:a:mozilla:bugzilla:2.21.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>bugzilla>>2.22
cpe:2.3:a:mozilla:bugzilla:2.22:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>bugzilla>>2.22
cpe:2.3:a:mozilla:bugzilla:2.22:rc1:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>bugzilla>>2.22.1
cpe:2.3:a:mozilla:bugzilla:2.22.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>bugzilla>>2.22.3
cpe:2.3:a:mozilla:bugzilla:2.22.3:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>bugzilla>>2.22.4
cpe:2.3:a:mozilla:bugzilla:2.22.4:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>bugzilla>>2.22.5
cpe:2.3:a:mozilla:bugzilla:2.22.5:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>bugzilla>>2.22.6
cpe:2.3:a:mozilla:bugzilla:2.22.6:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>bugzilla>>2.22.7
cpe:2.3:a:mozilla:bugzilla:2.22.7:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>bugzilla>>2.23
cpe:2.3:a:mozilla:bugzilla:2.23:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>bugzilla>>2.23.1
cpe:2.3:a:mozilla:bugzilla:2.23.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>bugzilla>>2.23.2
cpe:2.3:a:mozilla:bugzilla:2.23.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>bugzilla>>2.23.3
cpe:2.3:a:mozilla:bugzilla:2.23.3:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>bugzilla>>2.23.4
cpe:2.3:a:mozilla:bugzilla:2.23.4:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>bugzilla>>3.0
cpe:2.3:a:mozilla:bugzilla:3.0:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>bugzilla>>3.0
cpe:2.3:a:mozilla:bugzilla:3.0:rc1:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>bugzilla>>3.0.0
cpe:2.3:a:mozilla:bugzilla:3.0.0:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>bugzilla>>3.0.1
cpe:2.3:a:mozilla:bugzilla:3.0.1:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>bugzilla>>3.0.2
cpe:2.3:a:mozilla:bugzilla:3.0.2:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>bugzilla>>3.0.3
cpe:2.3:a:mozilla:bugzilla:3.0.3:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>bugzilla>>3.0.4
cpe:2.3:a:mozilla:bugzilla:3.0.4:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>bugzilla>>3.0.5
cpe:2.3:a:mozilla:bugzilla:3.0.5:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>bugzilla>>3.0.6
cpe:2.3:a:mozilla:bugzilla:3.0.6:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>bugzilla>>3.0.7
cpe:2.3:a:mozilla:bugzilla:3.0.7:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>bugzilla>>3.0.8
cpe:2.3:a:mozilla:bugzilla:3.0.8:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>bugzilla>>3.0.9
cpe:2.3:a:mozilla:bugzilla:3.0.9:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>bugzilla>>3.0.10
cpe:2.3:a:mozilla:bugzilla:3.0.10:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>bugzilla>>3.0.11
cpe:2.3:a:mozilla:bugzilla:3.0.11:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>bugzilla>>3.1.0
cpe:2.3:a:mozilla:bugzilla:3.1.0:*:*:*:*:*:*:*
Mozilla Corporation
mozilla
>>bugzilla>>3.1.1
cpe:2.3:a:mozilla:bugzilla:3.1.1:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-264Primarynvd@nist.gov
CWE ID: CWE-264
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.htmlcve@mitre.org
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046534.htmlcve@mitre.org
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046546.htmlcve@mitre.org
N/A
http://secunia.com/advisories/40892cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/41128cve@mitre.org
N/A
http://www.bugzilla.org/security/3.2.7/cve@mitre.org
N/A
http://www.securityfocus.com/bid/42275cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2010/2035cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2010/2205cve@mitre.org
N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=417048cve@mitre.org
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=623423cve@mitre.org
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046534.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046546.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/40892af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/41128af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.bugzilla.org/security/3.2.7/af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/42275af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2010/2035af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2010/2205af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=417048af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=623423af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046534.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046546.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/40892
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/41128
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.bugzilla.org/security/3.2.7/
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/42275
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2010/2035
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2010/2205
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=417048
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=623423
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046534.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046546.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/40892
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/41128
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.bugzilla.org/security/3.2.7/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/42275
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2010/2035
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2010/2205
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=417048
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=623423
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

172Records found
CVE-2013-1695
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5||MEDIUM
EPSS-0.16% / 37.04%
||
7 Day CHG~0.00%
Published-26 Jun, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 22.0 does not properly implement certain DocShell inheritance behavior for the sandbox attribute of an IFRAME element, which allows remote attackers to bypass intended access restrictions via a FRAME element within an IFRAME element.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CVE-2013-1737
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5||MEDIUM
EPSS-0.42% / 61.30%
||
7 Day CHG~0.00%
Published-18 Sep, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass intended access restrictions via vectors involving an expando object.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-thunderbird_esrfirefoxseamonkeythunderbirdn/a
CVE-2013-0786
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5||MEDIUM
EPSS-0.28% / 51.29%
||
7 Day CHG~0.00%
Published-24 Feb, 2013 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Bugzilla::Search::build_subselect function in Bugzilla 2.x and 3.x before 3.6.13 and 3.7.x and 4.0.x before 4.0.10 generates different error messages for invalid product queries depending on whether a product exists, which allows remote attackers to discover private product names by using debug mode for a query.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-bugzillan/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-12395
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-2.92% / 86.10%
||
7 Day CHG~0.00%
Published-28 Feb, 2019 | 18:00
Updated-05 Aug, 2024 | 08:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted. This vulnerability affects Firefox ESR < 60.3 and Firefox < 63.

Action-Not Available
Vendor-Canonical Ltd.Red Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxdebian_linuxenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_workstationenterprise_linux_desktopFirefoxFirefox ESR
CVE-2018-12400
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.30% / 52.79%
||
7 Day CHG~0.00%
Published-28 Feb, 2019 | 18:00
Updated-05 Aug, 2024 | 08:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In private browsing mode on Firefox for Android, favicons are cached in the cache/icons folder as they are in non-private mode. This allows information leakage of sites visited during private browsing sessions. *Note: this issue only affects Firefox for Android. Desktop versions of Firefox are unaffected.*. This vulnerability affects Firefox < 63.

Action-Not Available
Vendor-Mozilla CorporationGoogle LLC
Product-firefoxandroidFirefox
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-7812
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.27% / 50.28%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can be opened that otherwise would not be allowed to open. This can allow malicious web content to open a locally stored file through "file:" URLs. This vulnerability affects Firefox < 56.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-7831
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.33% / 55.59%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability where the security wrapper does not deny access to some exposed properties using the deprecated "_exposedProps_" mechanism on proxy objects. These properties should be explicitly unavailable to proxy objects. This vulnerability affects Firefox < 57.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-7843
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-1.06% / 77.27%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not cleared when exiting. This vulnerability affects Firefox ESR < 52.5.2 and Firefox < 57.0.1.

Action-Not Available
Vendor-Mozilla CorporationDebian GNU/LinuxRed Hat, Inc.
Product-firefoxenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_serverdebian_linuxenterprise_linux_workstationenterprise_linux_server_ausFirefoxFirefox ESR
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-5385
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.95% / 75.96%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Data sent with in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header, leading to potential information disclosure for sites using this header. This vulnerability affects Firefox < 51.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-5412
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.36% / 57.77%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow read during SVG filter color value operations, resulting in data exposure. This vulnerability affects Firefox < 52 and Thunderbird < 52.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxThunderbird
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-5444
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-1.93% / 83.09%
||
7 Day CHG-0.64%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow vulnerability while parsing "application/http-index-format" format content when the header contains improperly formatted data. This allows for an out-of-bounds read of data from memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Action-Not Available
Vendor-Mozilla CorporationDebian GNU/LinuxRed Hat, Inc.
Product-thunderbirdfirefoxenterprise_linuxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_workstationenterprise_linux_server_ausThunderbirdFirefox ESRFirefox
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-5445
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-2.14% / 83.90%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability while parsing "application/http-index-format" format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.

Action-Not Available
Vendor-Mozilla CorporationDebian GNU/LinuxRed Hat, Inc.
Product-thunderbirdfirefoxenterprise_linuxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_workstationenterprise_linux_server_ausThunderbirdFirefox ESRFirefox
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2017-5425
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.47% / 63.99%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Gecko Media Plugin sandbox allows access to local files that match specific regular expressions. On OS OX, this matching allows access to some data in subdirectories of "/private/var" that could expose personal or temporary data. This has been updated to not allow access to "/private/var" and its subdirectories. Note: this issue only affects OS X. Other operating systems are not affected. This vulnerability affects Firefox < 52 and Thunderbird < 52.

Action-Not Available
Vendor-Mozilla CorporationApple Inc.
Product-firefoxthunderbirdmac_os_xFirefoxThunderbird
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-5405
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5.3||MEDIUM
EPSS-2.35% / 84.60%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.

Action-Not Available
Vendor-Mozilla CorporationDebian GNU/LinuxRed Hat, Inc.
Product-thunderbirdfirefoxenterprise_linuxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_workstationenterprise_linux_server_ausFirefoxFirefox ESRThunderbird
CWE ID-CWE-1187
DEPRECATED: Use of Uninitialized Resource
CVE-2017-5418
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.52% / 66.44%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting in information leakage through the reading of random memory containing matches to specifically set patterns. This vulnerability affects Firefox < 52 and Thunderbird < 52.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxThunderbird
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-5454
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.90%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A mechanism to bypass file system access protections in the sandbox to use the file picker to access different files than those selected in the file picker through the use of relative paths. This allows for read only access to the local file system. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.

Action-Not Available
Vendor-Red Hat, Inc.Mozilla Corporation
Product-thunderbirdfirefoxenterprise_linuxenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_serverenterprise_linux_workstationenterprise_linux_server_ausThunderbirdFirefox ESRFirefox
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-5408
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.07% / 77.36%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-25 Nov, 2025 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8.

Action-Not Available
Vendor-Mozilla CorporationDebian GNU/LinuxRed Hat, Inc.
Product-thunderbirdfirefoxenterprise_linuxenterprise_linux_desktopenterprise_linux_serverdebian_linuxenterprise_linux_server_eusenterprise_linux_workstationenterprise_linux_server_ausFirefoxFirefox ESRThunderbird
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-5382
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.96% / 76.08%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content. This vulnerability affects Firefox < 51.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2007-4879
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-1.52% / 80.99%
||
7 Day CHG~0.00%
Published-13 Sep, 2007 | 18:00
Updated-07 Aug, 2024 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, can automatically install TLS client certificates with minimal user interaction, and automatically sends these certificates when requested, which makes it easier for remote web sites to track user activities across domains by requesting the TLS client certificates from other domains.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxseamonkeyn/a
CVE-2015-7208
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5||MEDIUM
EPSS-0.62% / 69.53%
||
7 Day CHG~0.00%
Published-16 Dec, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 43.0 stores cookies containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers.

Action-Not Available
Vendor-n/aMozilla CorporationFedora ProjectopenSUSE
Product-leapfedorafirefoxopensusen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-7195
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5||MEDIUM
EPSS-0.57% / 68.02%
||
7 Day CHG~0.00%
Published-05 Nov, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The URL parsing implementation in Mozilla Firefox before 42.0 improperly recognizes escaped characters in hostnames within Location headers, which allows remote attackers to obtain sensitive information via vectors involving a redirect.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-7207
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5||MEDIUM
EPSS-0.44% / 62.62%
||
7 Day CHG~0.00%
Published-16 Dec, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 43.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls, a related issue to CVE-2015-1300.

Action-Not Available
Vendor-n/aMozilla CorporationFedora ProjectopenSUSE
Product-fedoraleapfirefoxopensusen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found