Information Disclosure Vulnerability in Bugzilla Software by Mozilla
CVE-2012-1969

Currently unrated

Key Information:

Vendor

Mozilla
Status
Bugzilla
Vendor
CVE Published:
30 July 2012

What is CVE-2012-1969?

The get_attachment_link function in Bugzilla's Template.pm fails to verify if an attachment is private before revealing its description in a public comment. This oversight enables remote attackers to retrieve sensitive information relating to private attachments by simply accessing public comments, potentially exposing confidential data and undermining user privacy.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.bugzilla.org/security/3.6.9/
x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-20...
vendor-advisoryx_refsource_MANDRIVA
https://bugzilla.mozilla.org/show_bug.cgi?id=777586
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.