CVE-2012-1969

Currently unrated

Key Information:

Vendor: Mozilla
Status: Bugzilla
Vendor: CVE Published:; 30 July 2012

Summary

The get_attachment_link function in Template.pm in Bugzilla 2.x and 3.x before 3.6.10, 3.7.x and 4.0.x before 4.0.7, 4.1.x and 4.2.x before 4.2.2, and 4.3.x before 4.3.2 does not check whether an attachment is private before presenting the attachment description within a public comment, which allows remote attackers to obtain sensitive description information by reading a comment.

References

http://www.bugzilla.org/security/3.6.9/

x_refsource_CONFIRM

http://www.mandriva.com/security/advisories?name=MDVSA-20...

vendor-advisoryx_refsource_MANDRIVA

https://bugzilla.mozilla.org/show_bug.cgi?id=777586

x_refsource_CONFIRM

Timeline

Vulnerability published
Jul 30, 2012
Vulnerability Reserved
Mar 30, 2012