CVE-2011-2977

CVE Database · CVE-2011-2977

CVE-2011-2977

· N/AModified

CVSS v3.1

N/A

EPSS

0.29%

Published

Aug 9, 2011

Modified

Apr 28, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Bugzilla 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 on Windows does not delete the temporary files associated with uploaded attachments, which allows local users to obtain sensitive information by reading these files. NOTE: this issue exists because of a regression in 3.6.

Affected Products (18)

mozilla · bugzillavulnerable

References (12)

http://secunia.com/advisories/45501

Vendor Advisory

http://www.bugzilla.org/security/3.4.11/

Vendor Advisory

http://www.osvdb.org/74302

http://www.securityfocus.com/bid/49042

https://bugzilla.mozilla.org/show_bug.cgi?id=660502

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/69037

http://secunia.com/advisories/45501

Vendor Advisory

http://www.bugzilla.org/security/3.4.11/

Vendor Advisory

http://www.osvdb.org/74302

KEV Catalog EPSS Scores Vendors All CVEs