HTML Bugmail Vulnerability in Bugzilla by Mozilla
CVE-2012-1968

Currently unrated

Key Information:

Vendor: Mozilla

Status
Vendor
CVE Published: 30 July 2012

What is CVE-2012-1968?

Bugzilla versions 4.1.x and 4.2.x prior to 4.2.2, and 4.3.x prior to 4.3.2, generate HTML bugmail documents with the bug editor's privileges instead of the bugmail recipient's privileges. This flaw allows remote attackers to obtain sensitive information, namely confidential bug descriptions, by reading tooltip content within HTML emails.
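The privilege mix-up described above can be modelled in a few lines. This is an added example, not Bugzilla's code: the `User` and `Bug` classes, the group model, and the assumption that the tooltip is a `title` attribute on a link to another bug are all hypothetical simplifications, and the sample data is constructed.

```python
from dataclasses import dataclass
from html import escape
from typing import Optional

@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset = frozenset()

@dataclass(frozen=True)
class Bug:
    bug_id: int
    summary: str
    required_group: Optional[str] = None  # None: visible to everyone

def can_see(user: User, bug: Bug) -> bool:
    return bug.required_group is None or bug.required_group in user.groups

def link_to_bug(bug: Bug, viewer: User) -> str:
    """Link to a bug; the title tooltip carries the summary only if
    `viewer` is allowed to see that bug."""
    link = f'<a href="show_bug.cgi?id={bug.bug_id}"'
    if can_see(viewer, bug):
        link += f' title="{escape(bug.summary, quote=True)}"'
    return link + f">bug {bug.bug_id}</a>"

def bugmail_flawed(editor, recipients, referenced):
    # Flaw class from the advisory: the body is built once with the
    # editor's privileges and the same HTML goes to every recipient.
    body = link_to_bug(referenced, viewer=editor)
    return {r.name: body for r in recipients}

def bugmail_fixed(editor, recipients, referenced):
    # Each copy is rendered with the privileges of the person receiving it.
    return {r.name: link_to_bug(referenced, viewer=r) for r in recipients}

# Constructed sample data (not taken from the advisory).
EDITOR = User("editor", frozenset({"security"}))
OUTSIDER = User("outsider")
RESTRICTED = Bug(101, "constructed confidential summary", "security")

if __name__ == "__main__":
    for render in (bugmail_flawed, bugmail_fixed):
        mails = render(EDITOR, [EDITOR, OUTSIDER], RESTRICTED)
        leaked = RESTRICTED.summary in mails["outsider"]
        print(f"{render.__name__}: summary in outsider's mail = {leaked}")
```

A regression test for this class of bug renders the same notification for a privileged and an unprivileged recipient and asserts that restricted text appears only in the former.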
