VYPR
← All advisories
Unrated severityNVD Advisory· Published Aug 9, 2011· Updated Apr 29, 2026

CVE-2011-2976

CVE-2011-2976

Description

Cross-site scripting (XSS) vulnerability in Bugzilla 2.16rc1 through 2.22.7, 3.0.x through 3.3.x, and 3.4.x before 3.4.12 allows remote attackers to inject arbitrary web script or HTML via vectors involving a BUGLIST cookie.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Bugzilla's BUGLIST cookie is not sanitized when displayed on show_bug.cgi, allowing stored XSS in older versions (2.16rc1 through 3.4.11).

Vulnerability

A cross-site scripting (XSS) vulnerability exists in Bugzilla versions 2.16rc1 through 2.22.7, 3.0.x through 3.3.x, and 3.4.x before 3.4.12 [1][2]. The flaw resides in show_bug.cgi, where the BUGLIST cookie value is reflected into the page's HTML ` section without proper sanitization or escaping, enabling injection of arbitrary web script or HTML [2]. The affected code path is triggered when a user views a bug report and the BUGLIST` cookie is present; no additional authentication beyond a valid session is required for the cookie to be processed.

Exploitation

An attacker must first obtain or forge a victim's BUGLIST cookie — for example via session hijacking, cross-site scripting in another component, or network interception if cookies are sent over unencrypted connections. Once the attacker has write access to the cookie, they set its value to a malicious script payload. When the victim subsequently views a bug report (e.g., show_bug.cgi?id=123), the injected payload is reflected into the page and executed in the victim's browser in the context of the Bugzilla site [2]. No user interaction beyond a normal page load is required.

Impact

Successful exploitation allows the attacker to execute arbitrary JavaScript in the victim's browser, leading to full compromise of the victim's Bugzilla session. This can result in privilege escalation, unauthorized access to sensitive bug reports, modification of bugs, or further data theft. The impact is limited to sessions of users who view bug reports while the cookie is set; however, because the injection occurs into the HTML head, the attacker may bypass some content security policies [2].

Mitigation

Bugzilla 3.4.12, released on August 4, 2011, contains the fix for this vulnerability [1]. Users must upgrade to 3.4.12 or later (3.6.6, 4.0.2, 4.1.3). No workaround is provided for unsupported versions; the Bugzilla project recommends upgrading immediately. This CVE is not listed on the CISA Known Exploited Vulnerabilities catalog as of the publication date.

References
  1. 4.1.2, 4.0.1, 3.6.5, and 3.4.11 Security Advisory
  2. 660053 - (CVE-2011-2976) [SECURITY] If a BUGLIST cookie is compromised, it can be used to XSS show_bug.cgi and inject HTML into <head>

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

106
  • Mozilla Corporation/Bugzilla106 versions
    cpe:2.3:a:mozilla:bugzilla:2.16:*:*:*:*:*:*:*+ 105 more
    • cpe:2.3:a:mozilla:bugzilla:2.16:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.16.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.16.10:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.16.11:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.16.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.16.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.16.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.16.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.16.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.16.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.16.8:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.16.9:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.16:rc1:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.17:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.17.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.17.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.17.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.17.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.17.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.17.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.18:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.18.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.18.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.18.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.18.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.18.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.18.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.18:rc1:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.18:rc2:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.18:rc3:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.19:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.19.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.19.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.19.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.20:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.20.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.20.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.20.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.20.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.20.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.20.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.20.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.20:rc1:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.20:rc2:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.21:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.21.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.21.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.22:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.22.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.22.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.22.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.22.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.22.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.22.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.22.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:2.22:rc1:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:3.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:3.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:3.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:3.0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:3.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:3.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:3.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:3.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:3.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:3.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:3.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:3.0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:3.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:3.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:3.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:3.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:3.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:3.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:3.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:3.2.10:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:3.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:3.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:3.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:3.2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:3.2.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:3.2.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:3.2.8:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:3.2.9:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:3.2:rc1:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:3.2:rc2:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:3.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:3.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:3.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:3.3.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:3.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:3.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:3.4.10:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:3.4.11:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:3.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:3.4.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:3.4.4:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:3.4.5:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:3.4.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:3.4.7:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:3.4.8:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:3.4.9:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:bugzilla:3.4:rc1:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

6

News mentions

0

No linked articles in our index yet.