CVE-2006-5454

CVE Database · CVE-2006-5454

CVE-2006-5454

· N/AModified

CVSS v3.1

N/A

EPSS

1.91%

Published

Oct 23, 2006

Modified

Apr 22, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote attackers to obtain (1) the description of arbitrary attachments by viewing the attachment in "diff" mode in attachment.cgi, and (2) the deadline field by viewing the XML format of the bug in show_bug.cgi.

Affected Products (18)

mozilla · bugzillavulnerable

References (20)

http://secunia.com/advisories/22409

http://secunia.com/advisories/22790

http://security.gentoo.org/glsa/glsa-200611-04.xml

http://securityreason.com/securityalert/1760

http://securitytracker.com/id?1017064

Patch

http://www.bugzilla.org/security/2.18.5/

http://www.osvdb.org/29546

http://www.osvdb.org/29547

http://www.securityfocus.com/archive/1/448777/100/100/threaded

http://www.securityfocus.com/bid/20538

http://www.vupen.com/english/advisories/2006/4035

https://bugzilla.mozilla.org/show_bug.cgi?id=346086

KEV Catalog EPSS Scores Vendors All CVEs