CVE-2012-1968

Name of the Vulnerable Software and Affected Versions Bugzilla versions 4.1.x through 4.2.1 Bugzilla versions 4.3.x before 4.3.2

Description The issue allows remote attackers to obtain sensitive description information by reading the tooltip portions of an HTML e-mail message. This occurs because Bugzilla uses bug-editor privileges instead of bugmail-recipient privileges during the construction of HTML bugmail documents.

Recommendations For Bugzilla versions 4.1.x through 4.2.1, update to version 4.2.2 or later. For Bugzilla versions 4.3.x before 4.3.2, update to version 4.3.2 or later.