Vulnerabilities > Mozilla > Bugzilla > 4.2.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-09-04 | CVE-2012-3981 | Credentials Management vulnerability in Mozilla Bugzilla Auth/Verify/LDAP.pm in Bugzilla 2.x and 3.x before 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 does not restrict the characters in a username, which might allow remote attackers to inject data into an LDAP directory via a crafted login attempt. | 5.0 |
2012-07-30 | CVE-2012-1969 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Bugzilla The get_attachment_link function in Template.pm in Bugzilla 2.x and 3.x before 3.6.10, 3.7.x and 4.0.x before 4.0.7, 4.1.x and 4.2.x before 4.2.2, and 4.3.x before 4.3.2 does not check whether an attachment is private before presenting the attachment description within a public comment, which allows remote attackers to obtain sensitive description information by reading a comment. | 4.3 |
2012-07-30 | CVE-2012-1968 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Bugzilla Bugzilla 4.1.x and 4.2.x before 4.2.2 and 4.3.x before 4.3.2 uses bug-editor privileges instead of bugmail-recipient privileges during construction of HTML bugmail documents, which allows remote attackers to obtain sensitive description information by reading the tooltip portions of an HTML e-mail message. | 4.3 |