CVE-2006-0916

CVE Database · CVE-2006-0916

CVE-2006-0916

· N/AModified

CVSS v3.1

N/A

EPSS

1.18%

Published

Feb 28, 2006

Modified

Apr 15, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Bugzilla 2.19.3 through 2.20 does not properly handle "//" sequences in URLs when redirecting a user from the login form, which could cause it to generate a partial URL in a form action that causes the user's browser to send the form data to another domain.

Affected Products (7)

mozilla · bugzillavulnerable

References (14)

http://secunia.com/advisories/18979

Vendor Advisory

http://securityreason.com/securityalert/464

http://www.securityfocus.com/archive/1/425584/100/0/threaded

http://www.securityfocus.com/bid/16745

Vendor Advisory

http://www.vupen.com/english/advisories/2006/0692

https://bugzilla.mozilla.org/show_bug.cgi?id=325079

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/24821

http://secunia.com/advisories/18979

Vendor Advisory

http://securityreason.com/securityalert/464

KEV Catalog EPSS Scores Vendors All CVEs