CVE-2011-2379

Cross-site scripting (XSS) vulnerability in Bugzilla 2.4 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3, when Internet Explorer before 9 or Safari before 5.0.6 is used for Raw Unified mode, allows remote attackers to inject arbitrary web script or HTML via a crafted patch, related to content sniffing.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
VendorProductVersion
mozillabugzilla
2.4
mozillabugzilla
2.6
mozillabugzilla
2.8
mozillabugzilla
2.9
mozillabugzilla
2.10
mozillabugzilla
2.12
mozillabugzilla
2.14
mozillabugzilla
2.14.1
mozillabugzilla
2.14.2
mozillabugzilla
2.14.3
mozillabugzilla
2.14.4
mozillabugzilla
2.14.5
mozillabugzilla
2.16
mozillabugzilla
2.16:rc1
mozillabugzilla
2.16.1
mozillabugzilla
2.16.2
mozillabugzilla
2.16.3
mozillabugzilla
2.16.4
mozillabugzilla
2.16.5
mozillabugzilla
2.16.6
mozillabugzilla
2.16.7
mozillabugzilla
2.16.8
mozillabugzilla
2.16.9
mozillabugzilla
2.16.10
mozillabugzilla
2.16.11
mozillabugzilla
2.17
mozillabugzilla
2.17.1
mozillabugzilla
2.17.3
mozillabugzilla
2.17.4
mozillabugzilla
2.17.5
mozillabugzilla
2.17.6
mozillabugzilla
2.17.7
mozillabugzilla
2.18
mozillabugzilla
2.18:rc1
mozillabugzilla
2.18:rc2
mozillabugzilla
2.18:rc3
mozillabugzilla
2.18.1
mozillabugzilla
2.18.2
mozillabugzilla
2.18.3
mozillabugzilla
2.18.4
mozillabugzilla
2.18.5
mozillabugzilla
2.19
mozillabugzilla
2.19.1
mozillabugzilla
2.19.2
mozillabugzilla
2.19.3
mozillabugzilla
2.20
mozillabugzilla
2.20:rc1
mozillabugzilla
2.20:rc2
mozillabugzilla
2.20.1
mozillabugzilla
2.20.2
mozillabugzilla
2.20.3
mozillabugzilla
2.20.4
mozillabugzilla
2.21
mozillabugzilla
2.21.1
mozillabugzilla
2.21.2
mozillabugzilla
2.22
mozillabugzilla
2.22:rc1
mozillabugzilla
2.22.1
mozillabugzilla
2.22.2
mozillabugzilla
2.22.3
mozillabugzilla
2.22.4
mozillabugzilla
2.22.5
mozillabugzilla
2.22.6
mozillabugzilla
2.22.7
mozillabugzilla
3.0.0
mozillabugzilla
3.0.1
mozillabugzilla
3.0.2
mozillabugzilla
3.0.3
mozillabugzilla
3.0.4
mozillabugzilla
3.0.5
mozillabugzilla
3.0.6
mozillabugzilla
3.0.7
mozillabugzilla
3.0.8
mozillabugzilla
3.0.9
mozillabugzilla
3.0.10
mozillabugzilla
3.0.11
mozillabugzilla
3.2
mozillabugzilla
3.2:rc1
mozillabugzilla
3.2:rc2
mozillabugzilla
3.2.1
mozillabugzilla
3.2.2
mozillabugzilla
3.2.3
mozillabugzilla
3.2.4
mozillabugzilla
3.2.5
mozillabugzilla
3.2.6
mozillabugzilla
3.2.7
mozillabugzilla
3.2.8
mozillabugzilla
3.2.9
mozillabugzilla
3.2.10
mozillabugzilla
3.3.1
mozillabugzilla
3.3.2
mozillabugzilla
3.3.3
mozillabugzilla
3.3.4
mozillabugzilla
3.4
mozillabugzilla
3.4:rc1
mozillabugzilla
3.4.1
mozillabugzilla
3.4.2
mozillabugzilla
3.4.3
mozillabugzilla
3.4.4
mozillabugzilla
3.4.5
mozillabugzilla
3.4.6
mozillabugzilla
3.4.7
mozillabugzilla
3.4.8
mozillabugzilla
3.4.9
mozillabugzilla
3.4.10
mozillabugzilla
3.4.11
mozillabugzilla
3.5
mozillabugzilla
3.5.1
mozillabugzilla
3.5.2
mozillabugzilla
3.5.3
mozillabugzilla
3.6
mozillabugzilla
3.6:rc1
mozillabugzilla
3.6.1
mozillabugzilla
3.6.2
mozillabugzilla
3.6.3
mozillabugzilla
3.6.4
mozillabugzilla
3.6.5
mozillabugzilla
3.7
mozillabugzilla
3.7.1
mozillabugzilla
3.7.2
mozillabugzilla
3.7.3
mozillabugzilla
4.0
mozillabugzilla
4.0:rc1
mozillabugzilla
4.0:rc2
mozillabugzilla
4.0.1
mozillabugzilla
4.1
mozillabugzilla
4.1.1
mozillabugzilla
4.1.2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
bugzilla
saucy
dne
raring
dne
quantal
dne
precise
dne
oneiric
ignored
natty
not-affected
maverick
ignored
lucid
ignored
hardy
ignored
Common Weakness Enumeration
References
http://secunia.com/advisories/45501
http://www.bugzilla.org/security/3.4.11/
http://www.debian.org/security/2011/dsa-2322
http://www.osvdb.org/74297
http://www.securityfocus.com/bid/49042
https://bugzilla.mozilla.org/show_bug.cgi?id=637981
https://exchange.xforce.ibmcloud.com/vulnerabilities/69033
http://secunia.com/advisories/45501
http://www.bugzilla.org/security/3.4.11/
http://www.debian.org/security/2011/dsa-2322
http://www.osvdb.org/74297
http://www.securityfocus.com/bid/49042
https://bugzilla.mozilla.org/show_bug.cgi?id=637981
https://exchange.xforce.ibmcloud.com/vulnerabilities/69033