Information Disclosure Vulnerability in Bugzilla by Mozilla
CVE-2012-4199

Currently unrated

Key Information:

Vendor: Mozilla
Status: Bugzilla
Vendor: CVE Published:; 16 November 2012

What is CVE-2012-4199?

In Bugzilla versions prior to 3.6.12, 4.0.9, 4.2.4, and 4.4rc1, a security issue arises from the template functionality, leading to the generation of JavaScript function calls that may expose private product or component names. This issue occurs under specific circumstances related to custom-field visibility control, allowing remote attackers to gain access to sensitive information by analyzing the HTML source code.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/80029

vdb-entryx_refsource_XF

http://www.mandriva.com/security/advisories?name=MDVSA-20...

vendor-advisoryx_refsource_MANDRIVA

http://www.bugzilla.org/security/3.6.11/

x_refsource_CONFIRM

Timeline

Vulnerability published
Nov 16, 2012
Vulnerability Reserved
Aug 8, 2012