Bugzilla 2.20.x before 2.20.5, 2.22.x before 2.22.3, and 3.0.x before 3.0.3 on Windows does not delete the temporary files associated with uploaded attachments, which allows local users to obtain sensitive information by reading these files, a different vulnerability than CVE-2011-2977.
References
Link | Resource |
---|---|
https://bugzilla.mozilla.org/show_bug.cgi?id=414002 | Exploit Patch |
https://bugzilla.mozilla.org/show_bug.cgi?id=660502 | Patch |
https://bugzilla.mozilla.org/show_bug.cgi?id=414002 | Exploit Patch |
https://bugzilla.mozilla.org/show_bug.cgi?id=660502 | Patch |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
History
21 Nov 2024, 00:58
Type | Values Removed | Values Added |
---|---|---|
References | () https://bugzilla.mozilla.org/show_bug.cgi?id=414002 - Exploit, Patch | |
References | () https://bugzilla.mozilla.org/show_bug.cgi?id=660502 - Patch |
Information
Published : 2011-08-09 19:55
Updated : 2024-11-21 00:58
NVD link : CVE-2008-7292
Mitre link : CVE-2008-7292
CVE.ORG link : CVE-2008-7292
JSON object : View
Products Affected
microsoft
- windows
mozilla
- bugzilla
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor