HTML Bugmail Vulnerability in Bugzilla by Mozilla
CVE-2012-1968

Currently unrated

Key Information:

Vendor: Mozilla
Status: Bugzilla
Vendor: CVE Published:; 30 July 2012

What is CVE-2012-1968?

The Bugzilla application, specifically versions 4.1.x and 4.2.x prior to 4.2.2 and 4.3.x prior to 4.3.2, exhibits a vulnerability where bug-editor privileges are mistakenly used instead of bugmail-recipient privileges during the generation of HTML bugmail documents. This flaw enables remote attackers to exploit the system and extract sensitive information by accessing tooltip content within HTML emails, thereby compromising confidential bug descriptions.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=777398

x_refsource_CONFIRM

http://www.bugzilla.org/security/3.6.9/

x_refsource_CONFIRM

http://secunia.com/advisories/50040

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jul 30, 2012

JSON