Mozilla Bugzilla Multiple Input Validation and Information disclosure Vulnerabilities

Bugtraq ID:	20538
Class:	Input Validation Error
CVE:	CVE-2006-5453 CVE-2006-5454 CVE-2006-5455
Remote:	Yes
Local:	No
Published:	Oct 16 2006 12:00AM
Updated:	Nov 15 2007 12:39AM
Credit:	Discovery of these issues is credited to Frédéric Buclin, Dave Miller, Gervase Markham, Gavin Shelley, Max Kanat-Alexander, Myk Melez, Josh "timeless" Soref, Olav Vitters and Adam Merrifield.
Vulnerable:	Mozilla Bugzilla 2.23.2 Mozilla Bugzilla 2.21.2 Mozilla Bugzilla 2.21.1 Mozilla Bugzilla 2.21 Mozilla Bugzilla 2.20.2 Mozilla Bugzilla 2.20.1 Mozilla Bugzilla 2.20 rc2 Mozilla Bugzilla 2.20 rc1 Mozilla Bugzilla 2.19.3 Mozilla Bugzilla 2.19.2 Mozilla Bugzilla 2.19.1 Mozilla Bugzilla 2.19 Mozilla Bugzilla 2.18.5 Mozilla Bugzilla 2.18.4 Mozilla Bugzilla 2.18.3 Mozilla Bugzilla 2.18.2 Mozilla Bugzilla 2.18.1 Mozilla Bugzilla 2.18 rc3 Mozilla Bugzilla 2.18 rc2 Mozilla Bugzilla 2.18 rc1 Mozilla Bugzilla 2.17.7 Mozilla Bugzilla 2.17.6 Mozilla Bugzilla 2.17.5 Mozilla Bugzilla 2.17.4 Mozilla Bugzilla 2.17.3 Mozilla Bugzilla 2.17.1 Mozilla Bugzilla 2.17 Mozilla Bugzilla 2.16.11 Mozilla Bugzilla 2.16.10 Mozilla Bugzilla 2.16.9 Mozilla Bugzilla 2.16.8 Mozilla Bugzilla 2.16.7 + Conectiva Linux 10.0 + Conectiva Linux 9.0 + Conectiva Linux 9.0 + Conectiva Linux 9.0 + Conectiva Linux 9.0 Mozilla Bugzilla 2.16.6 Mozilla Bugzilla 2.16.5 Mozilla Bugzilla 2.16.4 Mozilla Bugzilla 2.16.3 Mozilla Bugzilla 2.16.2 + Conectiva Linux 9.0 + Conectiva Linux 9.0 Mozilla Bugzilla 2.16.1 Mozilla Bugzilla 2.16 .10 Mozilla Bugzilla 2.16 - MandrakeSoft Linux Mandrake 9.0 - MandrakeSoft Linux Mandrake 9.0 Mozilla Bugzilla 2.14.5 Mozilla Bugzilla 2.14.4 Mozilla Bugzilla 2.14.3 Mozilla Bugzilla 2.14.2 + Debian Linux 3.0 sparc + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 s/390 + Debian Linux 3.0 s/390 + Debian Linux 3.0 s/390 + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 ppc + Debian Linux 3.0 ppc + Debian Linux 3.0 ppc + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mipsel + Debian Linux 3.0 mipsel + Debian Linux 3.0 mipsel + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 mips + Debian Linux 3.0 mips + Debian Linux 3.0 mips + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 m68k + Debian Linux 3.0 m68k + Debian Linux 3.0 m68k + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 hppa + Debian Linux 3.0 hppa + Debian Linux 3.0 hppa + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 arm + Debian Linux 3.0 arm + Debian Linux 3.0 arm + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0 alpha + Debian Linux 3.0 alpha + Debian Linux 3.0 alpha + Debian Linux 3.0 alpha + Debian Linux 3.0 + Debian Linux 3.0 + Debian Linux 3.0 + Debian Linux 3.0 + Debian Linux 3.0 Mozilla Bugzilla 2.14.1 Mozilla Bugzilla 2.14 - RedHat Linux 7.1 - RedHat Linux 7.1 - RedHat Linux 7.0 - RedHat Linux 7.0 - RedHat Linux 7.0 - RedHat Linux 7.0 - RedHat Linux 7.0 Mozilla Bugzilla 2.12 Mozilla Bugzilla 2.10 Mozilla Bugzilla 2.9 Mozilla Bugzilla 2.8 - Microsoft Windows 95 - Microsoft Windows 95 - Microsoft Windows 95 - Microsoft Windows 95 - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows 98 - Microsoft Windows 98 - Microsoft Windows 98 - Microsoft Windows 98 - Microsoft Windows NT 3.5.1 - Microsoft Windows NT 3.5.1 - Microsoft Windows NT 4.0 - Microsoft Windows NT 4.0 - Microsoft Windows NT 4.0 - Microsoft Windows NT 4.0 - Microsoft Windows NT 4.0 Mozilla Bugzilla 2.6 Mozilla Bugzilla 2.4 Mozilla Bugzilla 2.22 RC1 Mozilla Bugzilla 2.22 Mozilla Bugzilla 2.20 Gentoo Linux

Not Vulnerable:	Mozilla Bugzilla 2.23.3 Mozilla Bugzilla 2.22.1 Mozilla Bugzilla 2.20.3 Mozilla Bugzilla 2.18.6