Bugzilla vulnerabilities: known CVEs & security history
Mozilla · IT service management · 151 tracked CVEs · 0 actively exploited · updated June 2026
This is the full list of known vulnerabilities (CVEs) across all Bugzilla release lines — 151 in total. A CVE here doesn't mean your version is affected — check Bugzilla's current status and the safe version to run.
Known Bugzilla CVEs
Actively-exploited and most-severe first. Showing the top 80 of 151.
| CVE | Severity | CVSS | EPSS | Year |
|---|---|---|---|---|
| CVE-2003-1042 | high | 10 | 3% | 2004 |
| CVE-2003-1043 | high | 10 | 3% | 2004 |
| CVE-2004-0769 | high | 10 | 7% | 2004 |
| CVE-2002-0007 | high | 10 | 2% | 2002 |
| CVE-2018-5123 | high | 8.8 | 1% | 2019 |
| CVE-2015-4499 | high | 7.5 | 3% | 2015 |
| CVE-2010-4568 | high | 7.5 | 3% | 2011 |
| CVE-2009-3165 | high | 7.5 | 1% | 2009 |
| CVE-2009-3125 | high | 7.5 | 1% | 2009 |
| CVE-2009-0486 | high | 7.5 | 1% | 2009 |
| CVE-2007-5038 | high | 7.5 | 2% | 2007 |
| CVE-2007-0792 | high | 7.5 | 1% | 2007 |
| CVE-2006-0915 | high | 7.5 | 1% | 2006 |
| CVE-2006-0916 | high | 7.5 | 1% | 2006 |
| CVE-2005-4534 | high | 7.5 | 2% | 2005 |
| CVE-2005-1564 | high | 7.5 | 2% | 2005 |
| CVE-2003-1044 | high | 7.5 | 1% | 2004 |
| CVE-2003-1046 | high | 7.5 | 1% | 2004 |
| CVE-2004-0703 | high | 7.5 | 1% | 2004 |
| CVE-2004-0707 | high | 7.5 | 1% | 2004 |
| CVE-2003-0013 | high | 7.5 | 2% | 2003 |
| CVE-2002-1196 | high | 7.5 | 2% | 2002 |
| CVE-2002-1197 | high | 7.5 | 2% | 2002 |
| CVE-2002-1198 | high | 7.5 | 1% | 2002 |
| CVE-2002-0804 | high | 7.5 | 1% | 2002 |
| CVE-2002-0807 | high | 7.5 | 1% | 2002 |
| CVE-2002-0808 | high | 7.5 | 1% | 2002 |
| CVE-2002-0809 | high | 7.5 | 1% | 2002 |
| CVE-2002-0811 | high | 7.5 | 2% | 2002 |
| CVE-2002-0008 | high | 7.5 | 2% | 2002 |
| CVE-2002-0010 | high | 7.5 | 2% | 2002 |
| CVE-2001-1401 | high | 7.5 | 2% | 2001 |
| CVE-2001-1402 | high | 7.5 | 2% | 2001 |
| CVE-2001-1403 | high | 7.5 | 1% | 2001 |
| CVE-2001-1404 | high | 7.5 | 1% | 2001 |
| CVE-2001-1407 | high | 7.5 | 1% | 2001 |
| CVE-2001-0329 | high | 7.5 | 3% | 2001 |
| CVE-2001-0330 | high | 7.5 | 2% | 2001 |
| CVE-2000-0421 | high | 7.5 | 2% | 2000 |
| CVE-2008-4437 | high | 7.1 | 6% | 2008 |
| CVE-2013-1734 | medium | 6.8 | 1% | 2013 |
| CVE-2013-1733 | medium | 6.8 | 1% | 2013 |
| CVE-2011-3669 | medium | 6.8 | 1% | 2012 |
| CVE-2011-3668 | medium | 6.8 | 1% | 2012 |
| CVE-2011-3667 | medium | 6.8 | 1% | 2012 |
| CVE-2011-0046 | medium | 6.8 | 1% | 2011 |
| CVE-2009-1213 | medium | 6.8 | 1% | 2009 |
| CVE-2004-0705 | medium | 6.8 | 1% | 2004 |
| CVE-2003-0602 | medium | 6.8 | 1% | 2003 |
| CVE-2014-8630 | medium | 6.5 | 2% | 2015 |
| CVE-2010-2757 | medium | 6.5 | 1% | 2010 |
| CVE-2016-2803 | medium | 6.1 | 1% | 2017 |
| CVE-2009-0485 | medium | 5.8 | 1% | 2009 |
| CVE-2009-0484 | medium | 5.8 | 1% | 2009 |
| CVE-2009-0483 | medium | 5.8 | 1% | 2009 |
| CVE-2009-0482 | medium | 5.8 | 1% | 2009 |
| CVE-2006-0913 | medium | 5.5 | 1% | 2006 |
| CVE-2006-0914 | medium | 5.5 | 1% | 2006 |
| CVE-2012-0453 | medium | 5.1 | 1% | 2012 |
| CVE-2012-0440 | medium | 5.1 | 1% | 2012 |
| CVE-2014-1572 | medium | 5 | 2% | 2014 |
| CVE-2013-0786 | medium | 5 | 2% | 2013 |
| CVE-2012-5884 | medium | 5 | 1% | 2012 |
| CVE-2012-4197 | medium | 5 | 2% | 2012 |
| CVE-2012-4747 | medium | 5 | 2% | 2012 |
| CVE-2012-3981 | medium | 5 | 2% | 2012 |
| CVE-2011-2979 | medium | 5 | 2% | 2011 |
| CVE-2011-2978 | medium | 5 | 2% | 2011 |
| CVE-2011-2380 | medium | 5 | 2% | 2011 |
| CVE-2010-3764 | medium | 5 | 2% | 2010 |
| CVE-2010-2758 | medium | 5 | 1% | 2010 |
| CVE-2010-2756 | medium | 5 | 2% | 2010 |
| CVE-2010-1204 | medium | 5 | 2% | 2010 |
| CVE-2009-3387 | medium | 5 | 2% | 2010 |
| CVE-2009-3386 | medium | 5 | 2% | 2009 |
| CVE-2009-3166 | medium | 5 | 1% | 2009 |
| CVE-2007-4538 | medium | 5 | 2% | 2007 |
| CVE-2007-4539 | medium | 5 | 2% | 2007 |
| CVE-2006-5454 | medium | 5 | 2% | 2006 |
| CVE-2005-3138 | medium | 5 | 1% | 2005 |
71 older / lower-severity CVEs not shown — see Bugzilla's full record.
Is my Bugzilla version affected?
The list above spans every release. To know whether your version is affected — and the minimum safe version to upgrade to — check it directly.
Bugzilla vulnerabilities — frequently asked
How many known vulnerabilities does Bugzilla have?
IsItPatched tracks 151 CVEs for Bugzilla. 0 are critical-severity and 40 high-severity. These span every release line — what matters is whether the version you run is affected.
Does Bugzilla have any actively-exploited vulnerabilities?
None of Bugzilla's tracked CVEs are currently in CISA's KEV catalog — but new ones can be added at any time, so keep your version current.
What is the most severe Bugzilla vulnerability?
Among tracked issues, CVE-2003-1042 (HIGH, CVSS 10) ranks highest.
Is Bugzilla safe to use?
It depends on the version. The latest supported Bugzilla release clears the known issues; older versions may still be affected. Check the exact version you run for a verdict.
CVE data aggregated from NVD, CISA KEV and EPSS (FIRST.org). Always verify against Mozilla's advisories.