CVE-2012-4197

Currently unrated

Key Information:

Vendor: Mozilla
Status: Bugzilla
Vendor: CVE Published:; 16 November 2012

Summary

Bugzilla/Attachment.pm in attachment.cgi in Bugzilla 2.x and 3.x before 3.6.12, 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 allows remote attackers to read attachment descriptions from private bugs via an obsolete=1 insert action.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=802204

x_refsource_CONFIRM

http://www.mandriva.com/security/advisories?name=MDVSA-20...

vendor-advisoryx_refsource_MANDRIVA

https://exchange.xforce.ibmcloud.com/vulnerabilities/80032

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Nov 16, 2012
Vulnerability Reserved
Aug 8, 2012