CVE-2011-2977

Published: Aug 9, 2011Modified: Apr 29, 2026

2.1

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

Bugzilla 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 on Windows does not delete the temporary files associated with uploaded attachments, which allows local users to obtain sensitive information by reading these files. NOTE: this issue exists because of a regression in 3.6.

Affected (17)

Products: Mozilla: Bugzilla

Mozilla

1 product

Bugzilla

Configuration A

17 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mozilla Bugzilla	Version 3.6.0
Mozilla Bugzilla	Version 3.6.1
Mozilla Bugzilla	Version 3.6.2
Mozilla Bugzilla	Version 3.6.3
Mozilla Bugzilla	Version 3.6.4
Mozilla Bugzilla	Version 3.6.5
Mozilla Bugzilla	Version 3.7.1
Mozilla Bugzilla	Version 3.7.2
Mozilla Bugzilla	Version 3.7.3
Mozilla Bugzilla	Version 3.7
Mozilla Bugzilla	Version 4.0.1
Mozilla Bugzilla	Version 4.0
Mozilla Bugzilla	Version 4.0 rc1
Mozilla Bugzilla	Version 4.0 rc2
Mozilla Bugzilla	Version 4.1.1
Mozilla Bugzilla	Version 4.1.2
Mozilla Bugzilla	Version 4.1