CVE-2012-1968 (retired)

Priority
Description
Bugzilla 4.1.x and 4.2.x before 4.2.2 and 4.3.x before 4.3.2 uses
bug-editor privileges instead of bugmail-recipient privileges during
construction of HTML bugmail documents, which allows remote attackers to
obtain sensitive description information by reading the tooltip portions of
an HTML e-mail message.
Package
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):DNE
More Information

Updated: 2019-03-26 12:01:38 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)