CVE-2011-2979

CVE Database · CVE-2011-2979

CVE-2011-2979

· N/AModified

CVSS v3.1

N/A

EPSS

2.07%

Published

Aug 9, 2011

Modified

Apr 28, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Bugzilla 4.1.x before 4.1.3 generates different responses for certain assignee queries depending on whether the group name is valid, which allows remote attackers to determine the existence of private group names via a custom search. NOTE: this vulnerability exists because of a CVE-2010-2756 regression.

Affected Products (3)

mozilla · bugzillavulnerable

References (16)

http://secunia.com/advisories/45501

Vendor Advisory

http://www.bugzilla.org/security/3.4.11/

Vendor Advisory

http://www.debian.org/security/2011/dsa-2322

http://www.osvdb.org/74298

http://www.osvdb.org/74299

http://www.securityfocus.com/bid/49042

https://bugzilla.mozilla.org/show_bug.cgi?id=674497

ExploitPatch

https://exchange.xforce.ibmcloud.com/vulnerabilities/69166

http://secunia.com/advisories/45501

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs