Description
Bugzilla 2.20.x before 2.20.5, 2.22.x before 2.22.3, and 3.0.x before 3.0.3 on Windows does not delete the temporary files associated with uploaded attachments, which allows local users to obtain sensitive information by reading these files, a different vulnerability than CVE-2011-2977.
References (2)
Core 2
Core References
Exploit, Patch x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=414002
Patch x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=660502
Scores
EPSS
0.0038
EPSS Percentile
30.5%
Details
CWE
CWE-200
Status
published
Products (12)
mozilla/bugzilla
2.20
mozilla/bugzilla
2.20.1
mozilla/bugzilla
2.20.2
mozilla/bugzilla
2.20.3
mozilla/bugzilla
2.20.4
mozilla/bugzilla
2.22
mozilla/bugzilla
2.22.1
mozilla/bugzilla
2.22.2
mozilla/bugzilla
3.0
mozilla/bugzilla
3.0.0
... and 2 more
Published
Aug 09, 2011
Tracked Since
Feb 18, 2026