Bugzilla 4.1.x and 4.2.x prior to 4.2.2 and 4.3.x prior to 4.3.2 uses bug-editor privileges instead of bugmail-recipient privileges during construction of HTML bugmail documents, which allows remote malicious users to obtain sensitive description information by reading the tooltip portions of an HTML e-mail message.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla bugzilla 4.2 |
||
mozilla bugzilla 4.2.1 |
||
mozilla bugzilla 4.3 |
||
mozilla bugzilla 4.1 |
||
mozilla bugzilla 4.1.2 |
||
mozilla bugzilla 4.3.1 |
||
mozilla bugzilla 4.1.1 |
||
mozilla bugzilla 4.1.3 |