CVE-2005-3139

CVE Database · CVE-2005-3139

CVE-2005-3139

· N/AModified

CVSS v3.1

N/A

EPSS

0.97%

Published

Oct 5, 2005

Modified

Apr 15, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Bugzilla 2.19.1 through 2.20rc2 and 2.21, with user matching turned on in substring mode, allows attackers to list all users whose names match an arbitrary substring, even when the usevisibilitygroups parameter is set.

Affected Products (6)

mozilla · bugzillavulnerable

References (10)

http://marc.info/?l=bugtraq&m=112818466125484&w=2

http://secunia.com/advisories/17030/

PatchVendor Advisory

http://www.bugzilla.org/security/2.18.4/

PatchVendor Advisory

http://www.securityfocus.com/bid/14996

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/42799

http://marc.info/?l=bugtraq&m=112818466125484&w=2

http://secunia.com/advisories/17030/

PatchVendor Advisory

http://www.bugzilla.org/security/2.18.4/

KEV Catalog EPSS Scores Vendors All CVEs