CVE-2012-4199

CVE Database · CVE-2012-4199

CVE-2012-4199

· N/AModified

CVSS v3.1

N/A

EPSS

0.96%

Published

Nov 16, 2012

Modified

Apr 28, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

template/en/default/bug/field-events.js.tmpl in Bugzilla 3.x before 3.6.12, 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 generates JavaScript function calls containing private product names or private component names in certain circumstances involving custom-field visibility control, which allows remote attackers to obtain sensitive information by reading HTML source code.

Weaknesses (CWE)

CWE-200

Affected Products (99)

mozilla · bugzillavulnerable

References (8)

http://www.bugzilla.org/security/3.6.11/

Vendor Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2013:066

https://bugzilla.mozilla.org/show_bug.cgi?id=731178

https://exchange.xforce.ibmcloud.com/vulnerabilities/80029