Release date:
Updated on:
Affected Systems:
Mozilla Bugzilla 4.x
Mozilla Bugzilla 2.x
Mozilla Bugzilla 3.x
Description:
--------------------------------------------------------------------------------
Bugtraq ID: 54708
CVE ID: CVE-2012-1968, CVE-2012-1969
Bugzilla is an open-source defect tracking system that manages the entire lifecycle of defects in software development, such as submitting, fixing, and closing defects.
Bugzilla 2.17.5 to 3.6.9, 3.7.1 to 4.0.6, 4.1.1 to 4.2.1, and 4.3.1 contain multiple information leakage vulnerabilities. Because the application does not correctly verify permissions for the address a bugmail is sent to, bug summaries may be leaked through HTML bugmails. Descriptions of private attachments may also be leaked through public bug comments.
<* Source: Frédéric Buclin (LpSolit@gmail.com)
Byron Jones
Link: http://secunia.com/advisories/50040/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Mozilla
-------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.bugzilla.org/security/3.6.9/