CVE-2012-4199

template/en/default/bug/field-events.js.tmpl in Bugzilla 3.x before 3.6.12, 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 generates JavaScript function calls containing private product names or private component names in certain circumstances involving custom-field visibility control, which allows remote attackers to obtain sensitive information by reading HTML source code.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 54%
VendorProductVersion
mozillabugzilla
𝑥
≤ 3.6.11
mozillabugzilla
3.0
mozillabugzilla
3.0:rc1
mozillabugzilla
3.0.0
mozillabugzilla
3.0.1
mozillabugzilla
3.0.2
mozillabugzilla
3.0.3
mozillabugzilla
3.0.4
mozillabugzilla
3.0.5
mozillabugzilla
3.0.6
mozillabugzilla
3.0.7
mozillabugzilla
3.0.8
mozillabugzilla
3.0.9
mozillabugzilla
3.0.10
mozillabugzilla
3.0.11
mozillabugzilla
3.1.0
mozillabugzilla
3.1.1
mozillabugzilla
3.1.2
mozillabugzilla
3.1.3
mozillabugzilla
3.1.4
mozillabugzilla
3.2
mozillabugzilla
3.2:rc1
mozillabugzilla
3.2:rc2
mozillabugzilla
3.2.1
mozillabugzilla
3.2.2
mozillabugzilla
3.2.3
mozillabugzilla
3.2.4
mozillabugzilla
3.2.5
mozillabugzilla
3.2.6
mozillabugzilla
3.2.7
mozillabugzilla
3.2.8
mozillabugzilla
3.2.9
mozillabugzilla
3.2.10
mozillabugzilla
3.3
mozillabugzilla
3.3.1
mozillabugzilla
3.3.2
mozillabugzilla
3.3.3
mozillabugzilla
3.3.4
mozillabugzilla
3.4
mozillabugzilla
3.4:rc1
mozillabugzilla
3.4.1
mozillabugzilla
3.4.2
mozillabugzilla
3.4.3
mozillabugzilla
3.4.4
mozillabugzilla
3.4.5
mozillabugzilla
3.4.6
mozillabugzilla
3.4.7
mozillabugzilla
3.4.8
mozillabugzilla
3.4.9
mozillabugzilla
3.4.10
mozillabugzilla
3.4.11
mozillabugzilla
3.4.12
mozillabugzilla
3.4.13
mozillabugzilla
3.5
mozillabugzilla
3.5.1
mozillabugzilla
3.5.2
mozillabugzilla
3.5.3
mozillabugzilla
3.6
mozillabugzilla
3.6:rc1
mozillabugzilla
3.6.0
mozillabugzilla
3.6.1
mozillabugzilla
3.6.2
mozillabugzilla
3.6.3
mozillabugzilla
3.6.4
mozillabugzilla
3.6.5
mozillabugzilla
3.6.6
mozillabugzilla
3.6.7
mozillabugzilla
3.6.8
mozillabugzilla
3.6.9
mozillabugzilla
3.6.10
mozillabugzilla
3.7
mozillabugzilla
3.7.1
mozillabugzilla
3.7.2
mozillabugzilla
3.7.3
mozillabugzilla
4.0
mozillabugzilla
4.0:rc1
mozillabugzilla
4.0:rc2
mozillabugzilla
4.0.1
mozillabugzilla
4.0.2
mozillabugzilla
4.0.3
mozillabugzilla
4.0.4
mozillabugzilla
4.0.5
mozillabugzilla
4.0.6
mozillabugzilla
4.0.7
mozillabugzilla
4.0.8
mozillabugzilla
4.1
mozillabugzilla
4.1.1
mozillabugzilla
4.1.2
mozillabugzilla
4.1.3
mozillabugzilla
4.2
mozillabugzilla
4.2:rc1
mozillabugzilla
4.2:rc2
mozillabugzilla
4.2.1
mozillabugzilla
4.2.2
mozillabugzilla
4.2.3
mozillabugzilla
4.3
mozillabugzilla
4.3.1
mozillabugzilla
4.3.2
mozillabugzilla
4.3.3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
bugzilla
saucy
dne
raring
dne
quantal
dne
precise
dne
oneiric
ignored
lucid
ignored
hardy
ignored
Common Weakness Enumeration
References
http://www.bugzilla.org/security/3.6.11/
http://www.mandriva.com/security/advisories?name=MDVSA-2013:066
https://bugzilla.mozilla.org/show_bug.cgi?id=731178
https://exchange.xforce.ibmcloud.com/vulnerabilities/80029
http://www.bugzilla.org/security/3.6.11/
http://www.mandriva.com/security/advisories?name=MDVSA-2013:066
https://bugzilla.mozilla.org/show_bug.cgi?id=731178
https://exchange.xforce.ibmcloud.com/vulnerabilities/80029