CVE-2012-1968
Bugzilla 4.1.x-4.2.x < 4.2.2 and 4.3.x < 4.3.2 - Information Disclosure via HTML Bugmail Tooltip
Title source: llmDescription
Bugzilla 4.1.x and 4.2.x before 4.2.2 and 4.3.x before 4.3.2 uses bug-editor privileges instead of bugmail-recipient privileges during construction of HTML bugmail documents, which allows remote attackers to obtain sensitive description information by reading the tooltip portions of an HTML e-mail message.
References (3)
Core 3
Core References
Patch x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=777398
Vendor Advisory x_refsource_confirm
http://www.bugzilla.org/security/3.6.9/
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/50040
Scores
EPSS
0.0146
EPSS Percentile
70.6%
Details
CWE
CWE-264
Status
published
Products (8)
mozilla/bugzilla
4.1
mozilla/bugzilla
4.1.1
mozilla/bugzilla
4.1.2
mozilla/bugzilla
4.1.3
mozilla/bugzilla
4.2 (3 CPE variants)
mozilla/bugzilla
4.2.1
mozilla/bugzilla
4.3
mozilla/bugzilla
4.3.1
Published
Jul 30, 2012
Tracked Since
Feb 18, 2026