Release date:
Updated on:
Affected Systems:
Mozilla Bugzilla 4.x
Mozilla Bugzilla 3.x
Description:
--------------------------------------------------------------------------------
Bugtraq ID: 56504
CVE ID: CVE-2012-4198
Bugzilla is an open-source defect tracking system that manages the entire lifecycle of defects in software development, such as submitting, fixing, and closing defects.
When the User.get method is called with the 'groups' parameter, whether or not an error is returned reveals whether the named groups exist, which leaks information about groups. After the fix, calling User.get as a user who does not belong to these groups also produces an error.
<* Source: Frederic Buclin
Link: https://bugzilla.mozilla.org/show_bug.cgi?id=781850
http://www.bugzilla.org/security/3.6.11/
http://secunia.com/advisories/51265/
*>
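An added example, not Bugzilla's code: a simplified Python model of the error-based group-existence leak in User.get described above, next to a hardened variant that can be used as a regression check. The group data, the function names and the choice of one identical error for both cases are assumptions made for illustration.

```python
# Simplified model for illustration; not Bugzilla's code.
# All names and data below are constructed.
class GroupError(Exception):
    pass

# Constructed sample data: group name -> member logins.
GROUPS = {
    "editbugs": {"alice", "bob"},
    "security-private": {"alice"},
}

def _members(names):
    return sorted({user for name in names for user in GROUPS[name]})

def user_get_vulnerable(caller, groups):
    """Errors only for unknown names; groups the caller is not in are skipped."""
    for name in groups:
        if name not in GROUPS:
            raise GroupError("group does not exist")
    return _members(g for g in groups if caller in GROUPS[g])

def user_get_hardened(caller, groups):
    """Same error whether the group is unknown or the caller is not a member."""
    for name in groups:
        if name not in GROUPS or caller not in GROUPS[name]:
            raise GroupError("invalid group")
    return _members(groups)

def outcome(fn, caller, groups):
    """Reduce a call to what the caller can observe: success or the error text."""
    try:
        fn(caller, groups)
        return "ok"
    except GroupError as exc:
        return f"error: {exc}"

def leaks_existence(fn, caller, private_group, unknown_group):
    """Regression check: can a non-member tell an existing group from an unknown name?"""
    return outcome(fn, caller, [private_group]) != outcome(fn, caller, [unknown_group])

if __name__ == "__main__":
    for fn in (user_get_vulnerable, user_get_hardened):
        print(fn.__name__, leaks_existence(fn, "bob", "security-private", "no-such-group"))
```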
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Mozilla
-------
The vendor has released versions 3.6.12, 4.0.9, 4.2.4, and 4.4rc1 to fix this security problem. Please download the update from the vendor's homepage:
http://www.mozilla.org/security/