HTML Bugmail Vulnerability in Bugzilla by Mozilla
CVE-2012-1968
Currently unrated
What is CVE-2012-1968?
Bugzilla 4.1.x and 4.2.x before 4.2.2, and 4.3.x before 4.3.2, uses bug-editor privileges instead of bugmail-recipient privileges when generating HTML bugmail documents. Remote attackers can exploit this flaw to obtain sensitive information: tooltip content in the HTML emails can expose confidential bug descriptions.
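The privilege mix-up described above, shown as an added example that is not Bugzilla's own code: a simplified Python model in which the tooltip visibility check runs against the editor (flawed) or against the recipient (corrected), with a check that flags leaked summaries. All names (`Bug`, `linkify`, `leaked_summaries`) and the users and bug data are hypothetical and constructed for illustration.

```python
import html
from dataclasses import dataclass, field


@dataclass
class Bug:
    bug_id: int
    summary: str
    allowed_users: set = field(default_factory=set)  # empty set = public bug

    def visible_to(self, user):
        return not self.allowed_users or user in self.allowed_users


def linkify(bug, viewer):
    """Render a bug reference; the summary tooltip is added only if `viewer` may see the bug."""
    link = f'<a href="show_bug.cgi?id={bug.bug_id}"'
    if bug.visible_to(viewer):
        link += f' title="{html.escape(bug.summary, quote=True)}"'
    return link + f">bug {bug.bug_id}</a>"


def render_bugmail_flawed(referenced, editor, recipients):
    # Flawed model: every recipient's mail is built with the editor's privileges.
    return {r: " ".join(linkify(b, editor) for b in referenced) for r in recipients}


def render_bugmail_fixed(referenced, editor, recipients):
    # Corrected model: each mail is built with the privileges of its own recipient.
    return {r: " ".join(linkify(b, r) for b in referenced) for r in recipients}


def leaked_summaries(mails, referenced):
    """Return (recipient, bug_id) pairs where a mail carries a summary the recipient may not see."""
    leaks = []
    for recipient, body in mails.items():
        for bug in referenced:
            hidden = not bug.visible_to(recipient)
            if hidden and html.escape(bug.summary, quote=True) in body:
                leaks.append((recipient, bug.bug_id))
    return leaks


# Constructed sample data: bug 202 is restricted to "alice"; "bob" is only a mail recipient.
SAMPLE_BUGS = [Bug(101, "Typo in docs"), Bug(202, "Auth bypass in admin panel", {"alice"})]

if __name__ == "__main__":
    for render in (render_bugmail_flawed, render_bugmail_fixed):
        mails = render(SAMPLE_BUGS, "alice", ["alice", "bob"])
        print(render.__name__, leaked_summaries(mails, SAMPLE_BUGS))
```

The same `leaked_summaries` check can serve as a regression test for any mail renderer that embeds per-object metadata: render for a low-privilege recipient and assert that no restricted summary appears in the output.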