Information Disclosure Vulnerability in Bugzilla Software by Mozilla
CVE-2012-1969
Currently unrated
What is CVE-2012-1969?
The get_attachment_link function in Bugzilla's Template.pm fails to verify whether an attachment is private before revealing its description in a public comment. This oversight lets remote attackers retrieve sensitive information about private attachments simply by reading public comments, potentially exposing confidential data and undermining user privacy.
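The missing check and its corrected form, as an added example: this is a simplified Python model, not Bugzilla's code and not part of the original entry. The names `Attachment`, `attachment_link`, `render_comment` and `viewer_is_insider`, the sample data, and the choice to carry the description in the link's `title` attribute are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from html import escape


@dataclass(frozen=True)
class Attachment:
    attach_id: int
    description: str
    is_private: bool


# Constructed sample data, not taken from any real installation.
ATTACHMENTS = {
    7: Attachment(7, "screenshot of the login page", False),
    8: Attachment(8, "customer contract draft", True),
}


def attachment_link(att, viewer_is_insider, check_private=True):
    """Render the link for one attachment reference inside a comment."""
    label = f"attachment {att.attach_id}"
    href = f"attachment.cgi?id={att.attach_id}"
    if check_private and att.is_private and not viewer_is_insider:
        # Hardened path: keep the reference, disclose nothing about the attachment.
        return f'<a href="{href}">{label}</a>'
    # With check_private=False this line runs for every viewer, which is the
    # flaw class described above: the description reaches the public comment.
    return f'<a href="{href}" title="{escape(att.description)}">{label}</a>'


def render_comment(text, viewer_is_insider, check_private=True):
    """Escape a comment and turn 'attachment N' references into links."""
    def repl(match):
        att = ATTACHMENTS.get(int(match.group(1)))
        if att is None:
            return match.group(0)  # unknown id: leave the text as written
        return attachment_link(att, viewer_is_insider, check_private)

    return re.sub(r"\battachment (\d+)\b", repl, escape(text))
```

A regression test for this class of bug renders a public comment that references a private attachment as an unprivileged viewer and asserts that the description is absent from the output.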