ByteOS Network

NVD Vulnerability Details :

CVE-2012-1968

Deferred

Source-cve@mitre.org

Published At-30 Jul, 2012 | 13:55

Updated At-11 Apr, 2025 | 00:51

Bugzilla 4.1.x and 4.2.x before 4.2.2 and 4.3.x before 4.3.2 uses bug-editor privileges instead of bugmail-recipient privileges during construction of HTML bugmail documents, which allows remote attackers to obtain sensitive description information by reading the tooltip portions of an HTML e-mail message.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N

CPE Matches

Weaknesses

CWE ID	Type	Source
CWE-264	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
http://secunia.com/advisories/50040	cve@mitre.org	N/A
http://www.bugzilla.org/security/3.6.9/	cve@mitre.org	Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=777398	cve@mitre.org	Patch
http://secunia.com/advisories/50040	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.bugzilla.org/security/3.6.9/	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=777398	af854a3a-2127-422b-91ae-364da2661108	Patch

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History