GCVE - cpe:2.3:a:mozilla:bugzilla:4.2.14:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:mozilla:bugzilla:4.2.14:*:*:*:*:*:*:*

part: a version: 4.2.14 update: *

Vendor	Mozilla (`be1b0d4e-21a7-5a25-9982-bbda6ef43ec1`)
Product	Bugzilla (`e01796e2-013a-5496-a0c3-a87ebcd7e088`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:docker/bugzilla/bugzilla-dev`	purl2cpe	2026-06-01 10:17:53.656461
`pkg:github/bugzilla/bugzilla`	purl2cpe	2026-06-01 10:17:53.656462
`pkg:rpm/fedora/bugzilla`	purl2cpe	2026-06-01 10:17:53.656464
`pkg:rpm/opensuse/bugzilla`	purl2cpe	2026-06-01 10:17:53.656465

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2016-2803`	vulnerable	2026-06-03 14:35:43.953713	Details available Cross-site scripting (XSS) vulnerability in the dependency graphs in Bugzilla 2.16rc1 through 4.4.11, and 4.5.1 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML. Published: 2017-04-12T22:00:00.000Z Updated: 2024-08-05T23:32:21.226Z Open on db.gcve.eu Reference links http://www.securityfocus.com/archive/1/538401/100/0/threaded https://www.bugzilla.org/security/4.4.11/ http://www.securitytracker.com/id/1035891 http://packetstormsecurity.com/files/137079/Bugzilla-4.4.11-5.0.2-Summary-Cross-Site-Scripting.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-8509`	vulnerable	2026-06-03 14:35:12.187734	Details available Template.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2 does not properly construct CSV files, which allows remote attackers to obtain sensitive information by leveraging a web browser that interprets CSV data as JavaScript code. Published: 2016-01-03T02:00:00.000Z Updated: 2024-08-06T08:20:42.370Z Open on db.gcve.eu Reference links http://seclists.org/bugtraq/2015/Dec/131 https://bugzilla.mozilla.org/show_bug.cgi?id=1232785 http://www.securityfocus.com/bid/79662 http://www.securitytracker.com/id/1034556 http://packetstormsecurity.com/files/135048/Bugzilla-Cross-Site-Scripting-Information-Leak.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-8508`	vulnerable	2026-06-03 14:35:12.174743	Details available Cross-site scripting (XSS) vulnerability in showdependencygraph.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2, when a local dot configuration is used, allows remote attackers to inject arbitrary web script or HTML via a crafted bug summary. Published: 2016-01-03T02:00:00.000Z Updated: 2024-08-06T08:20:42.648Z Open on db.gcve.eu Reference links https://bugzilla.mozilla.org/show_bug.cgi?id=1221518 http://seclists.org/bugtraq/2015/Dec/131 http://www.securityfocus.com/bid/79660 http://www.securitytracker.com/id/1034556 http://packetstormsecurity.com/files/135048/Bugzilla-Cross-Site-Scripting-Information-Leak.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-4499`	vulnerable	2026-06-03 14:34:52.083556	Details available Util.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.15, 4.3.x and 4.4.x before 4.4.10, and 5.x before 5.0.1 mishandles long e-mail addresses during account registration, which allows remote attackers to obtain the default privileges for an arbitrary domain name by placing that name in a substring of an address, as demonstrated by truncation of an @mozilla.com.example.com address to an @mozilla.com address. Published: 2015-09-14T01:00:00.000Z Updated: 2024-08-06T06:18:11.279Z Open on db.gcve.eu Reference links http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169946.html http://www.securitytracker.com/id/1033542 http://seclists.org/bugtraq/2015/Sep/48 https://bug1202447.bmoattachments.org/attachment.cgi?id=8657861 http://seclists.org/bugtraq/2015/Sep/49	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.