PT-2012-5243 · Mozilla · Bugzilla
Frédéric Buclin +1 · Published 2012-11-16 · Updated 2017-08-29 · CVE-2012-4199
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Bugzilla versions 3.x through 3.6.11
Bugzilla versions 3.7.x
Bugzilla versions 4.0.x through 4.0.8
Bugzilla versions 4.1.x
Bugzilla versions 4.2.x through 4.2.3
Bugzilla versions 4.3.x through 4.4rc1
Description
The issue allows remote attackers to obtain sensitive information by reading HTML source code, specifically in circumstances involving custom-field visibility control. This occurs because the template/en/default/bug/field-events.js.tmpl file generates JavaScript function calls containing private product names or private component names.
Recommendations
For Bugzilla versions 3.x through 3.6.11, update to version 3.6.12 or later.
For Bugzilla versions 3.7.x, update to version 4.0.9 or later.
For Bugzilla versions 4.0.x through 4.0.8, update to version 4.0.9 or later.
For Bugzilla versions 4.1.x, update to version 4.2.4 or later.
For Bugzilla versions 4.2.x through 4.2.3, update to version 4.2.4 or later.
For Bugzilla versions 4.3.x through 4.4rc1, update to version 4.4rc1 or later.
Fix
Information Disclosure
Affected Products
Bugzilla