CVE-2012-1968

Bugzilla 4.1.x-4.2.x < 4.2.2 and 4.3.x < 4.3.2 - Information Disclosure via HTML Bugmail Tooltip

Title source: llm
STIX 2.1

Description

Bugzilla 4.1.x and 4.2.x before 4.2.2 and 4.3.x before 4.3.2 uses bug-editor privileges instead of bugmail-recipient privileges during construction of HTML bugmail documents, which allows remote attackers to obtain sensitive description information by reading the tooltip portions of an HTML e-mail message.

References (3)

Core 3
Core References
Vendor Advisory x_refsource_confirm
http://www.bugzilla.org/security/3.6.9/
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/50040

Scores

EPSS 0.0146
EPSS Percentile 70.6%

Details

CWE
CWE-264
Status published
Products (8)
mozilla/bugzilla 4.1
mozilla/bugzilla 4.1.1
mozilla/bugzilla 4.1.2
mozilla/bugzilla 4.1.3
mozilla/bugzilla 4.2 (3 CPE variants)
mozilla/bugzilla 4.2.1
mozilla/bugzilla 4.3
mozilla/bugzilla 4.3.1
Published Jul 30, 2012
Tracked Since Feb 18, 2026