Insufficient Access Control Vulnerability in Bugzilla by Mozilla
CVE-2012-4747

Currently unrated

Key Information:

Vendor: Mozilla

CVE Published: 4 September 2012

What is CVE-2012-4747?

Bugzilla versions 2.x through 3.6.11, 3.7.x, 4.0.x before 4.0.8, 4.1.x, 4.2.x before 4.2.3, and 4.3.x before 4.3.3 do not sufficiently restrict access to potentially sensitive files stored under the web root. An unauthorized remote attacker can directly request and read template files (.tmpl), other custom extension files located in the extensions/ directory, and documentation files in the docs/ directory. Users of affected versions are advised to apply the latest security updates to mitigate this risk.
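To check whether a server has been serving the file classes described above, the following added example (not part of the original advisory or of Bugzilla) scans web access logs for requests to .tmpl files, extensions/ and docs/, and separates requests that were served (2xx) from those that were blocked. The combined log format, the /bugzilla/ prefix and the sample file names are assumptions.

```python
import re
from urllib.parse import unquote

# Assumed input: Apache/nginx "combined" access-log lines.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

# The three path classes the CVE description names.
SENSITIVE = [
    ("template", re.compile(r"\.tmpl$", re.I)),
    ("extensions", re.compile(r"(^|/)extensions/", re.I)),
    ("docs", re.compile(r"(^|/)docs/", re.I)),
]

def classify(raw_path):
    """Return the matching path class, or None for ordinary requests."""
    # Drop the query string first, then decode %xx so "%2Etmpl" still matches.
    path = unquote(raw_path.split("?", 1)[0])
    for kind, rx in SENSITIVE:
        if rx.search(path):
            return kind
    return None

def scan(lines):
    """Return (ip, path, kind, served) per hit; served=True means a 2xx reply."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        kind = classify(m["path"])
        if kind:
            hits.append((m["ip"], m["path"], kind, m["status"].startswith("2")))
    return hits

# Constructed sample log lines (documentation IP ranges, made-up file names).
SAMPLE = [
    '192.0.2.10 - - [05/Sep/2012:10:00:01 +0000] "GET /bugzilla/show_bug.cgi?id=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [05/Sep/2012:10:00:02 +0000] "GET /bugzilla/template/example.html.tmpl HTTP/1.1" 200 2048 "-" "curl"',
    '198.51.100.7 - - [05/Sep/2012:10:00:03 +0000] "GET /bugzilla/extensions/Example/notes.txt HTTP/1.1" 403 199 "-" "curl"',
    '198.51.100.7 - - [05/Sep/2012:10:00:04 +0000] "GET /bugzilla/docs/example.txt HTTP/1.1" 200 900 "-" "curl"',
    '198.51.100.7 - - [05/Sep/2012:10:00:05 +0000] "GET /bugzilla/template/example.html%2Etmpl HTTP/1.1" 200 2048 "-" "curl"',
]

if __name__ == "__main__":
    for ip, path, kind, served in scan(SAMPLE):
        print(f"{'SERVED ' if served else 'blocked'} {kind:<10} {ip} {path}")
```

A "served" hit means the web server returned the file, so access rules for those paths need attention in addition to the update; a "blocked" hit shows a request that the server refused.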
