CVE-2012-4199 [Medium] | Information Disclosure in Bugzilla

template/en/default/bug/field-events.js.tmpl in Bugzilla 3.x before 3.6.12, 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 generates JavaScript function calls containing private product names or private component names in certain circumstances involving custom-field visibility control, which allows remote attackers to obtain sensitive information by reading HTML source code.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-15	0.32%	0.96%	+0.64%
2	2025-03-30	0.38%	0.32%	-0.06%
3	2025-03-29	—	0.38%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-06-15

0.32%

0.96%

+0.64%

2025-03-30

0.38%

0.32%

-0.06%

2025-03-29

—

0.38%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
4.3	2.0	MEDIUM	`AV:N/AC:M/Au:N/C:P/I:N/A:N` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:M) Exploitation needs some favorable conditions, but not exceptional ones. Authentication (AU:N) No authentication is required. Confidentiality impact (C:P) Partial confidentiality impact. Integrity impact (I:N) No integrity impact. Availability impact (A:N) No availability impact.	8.6	2.9	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

4.3

2.0

MEDIUM

AV:N/AC:M/Au:N/C:P/I:N/A:N Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:M): Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:P): Partial confidentiality impact.
Integrity impact (I:N): No integrity impact.
Availability impact (A:N): No availability impact.

8.6

2.9

[email protected]

OS Trackers for CVE-2012-4199

vendor	priority	summary	link
`ubuntu`	low	CVE-2012-4199 low priority: Ubuntu including 1 source packages (bugzilla), 8 status rows across 8 suites (hardy, lucid, oneiric, precise, quantal, raring, saucy, upstream): DNE 4, ignored 3, needs-triage 1.	https://ubuntu.com/security/CVE-2012-4199

Affected software / configurations for CVE-2012-4199

Vendor	Product	Version	Raw CPE
mozilla	bugzilla	<= 3.6.11	cpe:2.3:a:mozilla:bugzilla::::::::
mozilla	bugzilla	3.0	cpe:2.3:a:mozilla:bugzilla:3.0:::::::*
mozilla	bugzilla	3.0	cpe:2.3:a:mozilla:bugzilla:3.0:rc1::::::
mozilla	bugzilla	3.0.0	cpe:2.3:a:mozilla:bugzilla:3.0.0:::::::*
mozilla	bugzilla	3.0.1	cpe:2.3:a:mozilla:bugzilla:3.0.1:::::::*
mozilla	bugzilla	3.0.2	cpe:2.3:a:mozilla:bugzilla:3.0.2:::::::*
mozilla	bugzilla	3.0.3	cpe:2.3:a:mozilla:bugzilla:3.0.3:::::::*
mozilla	bugzilla	3.0.4	cpe:2.3:a:mozilla:bugzilla:3.0.4:::::::*
mozilla	bugzilla	3.0.5	cpe:2.3:a:mozilla:bugzilla:3.0.5:::::::*
mozilla	bugzilla	3.0.6	cpe:2.3:a:mozilla:bugzilla:3.0.6:::::::*
mozilla	bugzilla	3.0.7	cpe:2.3:a:mozilla:bugzilla:3.0.7:::::::*
mozilla	bugzilla	3.0.8	cpe:2.3:a:mozilla:bugzilla:3.0.8:::::::*
mozilla	bugzilla	3.0.9	cpe:2.3:a:mozilla:bugzilla:3.0.9:::::::*
mozilla	bugzilla	3.0.10	cpe:2.3:a:mozilla:bugzilla:3.0.10:::::::*
mozilla	bugzilla	3.0.11	cpe:2.3:a:mozilla:bugzilla:3.0.11:::::::*
mozilla	bugzilla	3.1.0	cpe:2.3:a:mozilla:bugzilla:3.1.0:::::::*
mozilla	bugzilla	3.1.1	cpe:2.3:a:mozilla:bugzilla:3.1.1:::::::*
mozilla	bugzilla	3.1.2	cpe:2.3:a:mozilla:bugzilla:3.1.2:::::::*
mozilla	bugzilla	3.1.3	cpe:2.3:a:mozilla:bugzilla:3.1.3:::::::*
mozilla	bugzilla	3.1.4	cpe:2.3:a:mozilla:bugzilla:3.1.4:::::::*
mozilla	bugzilla	3.2	cpe:2.3:a:mozilla:bugzilla:3.2:::::::*
mozilla	bugzilla	3.2	cpe:2.3:a:mozilla:bugzilla:3.2:rc1::::::
mozilla	bugzilla	3.2	cpe:2.3:a:mozilla:bugzilla:3.2:rc2::::::
mozilla	bugzilla	3.2.1	cpe:2.3:a:mozilla:bugzilla:3.2.1:::::::*
mozilla	bugzilla	3.2.2	cpe:2.3:a:mozilla:bugzilla:3.2.2:::::::*
mozilla	bugzilla	3.2.3	cpe:2.3:a:mozilla:bugzilla:3.2.3:::::::*
mozilla	bugzilla	3.2.4	cpe:2.3:a:mozilla:bugzilla:3.2.4:::::::*
mozilla	bugzilla	3.2.5	cpe:2.3:a:mozilla:bugzilla:3.2.5:::::::*
mozilla	bugzilla	3.2.6	cpe:2.3:a:mozilla:bugzilla:3.2.6:::::::*
mozilla	bugzilla	3.2.7	cpe:2.3:a:mozilla:bugzilla:3.2.7:::::::*
mozilla	bugzilla	3.2.8	cpe:2.3:a:mozilla:bugzilla:3.2.8:::::::*
mozilla	bugzilla	3.2.9	cpe:2.3:a:mozilla:bugzilla:3.2.9:::::::*
mozilla	bugzilla	3.2.10	cpe:2.3:a:mozilla:bugzilla:3.2.10:::::::*
mozilla	bugzilla	3.3	cpe:2.3:a:mozilla:bugzilla:3.3:::::::*
mozilla	bugzilla	3.3.1	cpe:2.3:a:mozilla:bugzilla:3.3.1:::::::*
mozilla	bugzilla	3.3.2	cpe:2.3:a:mozilla:bugzilla:3.3.2:::::::*
mozilla	bugzilla	3.3.3	cpe:2.3:a:mozilla:bugzilla:3.3.3:::::::*
mozilla	bugzilla	3.3.4	cpe:2.3:a:mozilla:bugzilla:3.3.4:::::::*
mozilla	bugzilla	3.4	cpe:2.3:a:mozilla:bugzilla:3.4:::::::*
mozilla	bugzilla	3.4	cpe:2.3:a:mozilla:bugzilla:3.4:rc1::::::
mozilla	bugzilla	3.4.1	cpe:2.3:a:mozilla:bugzilla:3.4.1:::::::*
mozilla	bugzilla	3.4.2	cpe:2.3:a:mozilla:bugzilla:3.4.2:::::::*
mozilla	bugzilla	3.4.3	cpe:2.3:a:mozilla:bugzilla:3.4.3:::::::*
mozilla	bugzilla	3.4.4	cpe:2.3:a:mozilla:bugzilla:3.4.4:::::::*
mozilla	bugzilla	3.4.5	cpe:2.3:a:mozilla:bugzilla:3.4.5:::::::*
mozilla	bugzilla	3.4.6	cpe:2.3:a:mozilla:bugzilla:3.4.6:::::::*
mozilla	bugzilla	3.4.7	cpe:2.3:a:mozilla:bugzilla:3.4.7:::::::*
mozilla	bugzilla	3.4.8	cpe:2.3:a:mozilla:bugzilla:3.4.8:::::::*
mozilla	bugzilla	3.4.9	cpe:2.3:a:mozilla:bugzilla:3.4.9:::::::*
mozilla	bugzilla	3.4.10	cpe:2.3:a:mozilla:bugzilla:3.4.10:::::::*
mozilla	bugzilla	3.4.11	cpe:2.3:a:mozilla:bugzilla:3.4.11:::::::*
mozilla	bugzilla	3.4.12	cpe:2.3:a:mozilla:bugzilla:3.4.12:::::::*
mozilla	bugzilla	3.4.13	cpe:2.3:a:mozilla:bugzilla:3.4.13:::::::*
mozilla	bugzilla	3.5	cpe:2.3:a:mozilla:bugzilla:3.5:::::::*
mozilla	bugzilla	3.5.1	cpe:2.3:a:mozilla:bugzilla:3.5.1:::::::*
mozilla	bugzilla	3.5.2	cpe:2.3:a:mozilla:bugzilla:3.5.2:::::::*
mozilla	bugzilla	3.5.3	cpe:2.3:a:mozilla:bugzilla:3.5.3:::::::*
mozilla	bugzilla	3.6	cpe:2.3:a:mozilla:bugzilla:3.6:::::::*
mozilla	bugzilla	3.6	cpe:2.3:a:mozilla:bugzilla:3.6:rc1::::::
mozilla	bugzilla	3.6.0	cpe:2.3:a:mozilla:bugzilla:3.6.0:::::::*
mozilla	bugzilla	3.6.1	cpe:2.3:a:mozilla:bugzilla:3.6.1:::::::*
mozilla	bugzilla	3.6.2	cpe:2.3:a:mozilla:bugzilla:3.6.2:::::::*
mozilla	bugzilla	3.6.3	cpe:2.3:a:mozilla:bugzilla:3.6.3:::::::*
mozilla	bugzilla	3.6.4	cpe:2.3:a:mozilla:bugzilla:3.6.4:::::::*
mozilla	bugzilla	3.6.5	cpe:2.3:a:mozilla:bugzilla:3.6.5:::::::*
mozilla	bugzilla	3.6.6	cpe:2.3:a:mozilla:bugzilla:3.6.6:::::::*
mozilla	bugzilla	3.6.7	cpe:2.3:a:mozilla:bugzilla:3.6.7:::::::*
mozilla	bugzilla	3.6.8	cpe:2.3:a:mozilla:bugzilla:3.6.8:::::::*
mozilla	bugzilla	3.6.9	cpe:2.3:a:mozilla:bugzilla:3.6.9:::::::*
mozilla	bugzilla	3.6.10	cpe:2.3:a:mozilla:bugzilla:3.6.10:::::::*
mozilla	bugzilla	3.7	cpe:2.3:a:mozilla:bugzilla:3.7:::::::*
mozilla	bugzilla	3.7.1	cpe:2.3:a:mozilla:bugzilla:3.7.1:::::::*
mozilla	bugzilla	3.7.2	cpe:2.3:a:mozilla:bugzilla:3.7.2:::::::*
mozilla	bugzilla	3.7.3	cpe:2.3:a:mozilla:bugzilla:3.7.3:::::::*
mozilla	bugzilla	4.0	cpe:2.3:a:mozilla:bugzilla:4.0:::::::*
mozilla	bugzilla	4.0	cpe:2.3:a:mozilla:bugzilla:4.0:rc1::::::
mozilla	bugzilla	4.0	cpe:2.3:a:mozilla:bugzilla:4.0:rc2::::::
mozilla	bugzilla	4.0.1	cpe:2.3:a:mozilla:bugzilla:4.0.1:::::::*
mozilla	bugzilla	4.0.2	cpe:2.3:a:mozilla:bugzilla:4.0.2:::::::*
mozilla	bugzilla	4.0.3	cpe:2.3:a:mozilla:bugzilla:4.0.3:::::::*

References for CVE-2012-4199

URL	Tags
http://www.bugzilla.org/security/3.6.11/	Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2013:066
https://bugzilla.mozilla.org/show_bug.cgi?id=731178
https://exchange.xforce.ibmcloud.com/vulnerabilities/80029

URL

CVE-2012-4199

Exploit prediction scoring system (EPSS) score for CVE-2012-4199

Common vulnerability scoring system (CVSS) metrics for CVE-2012-4199

Weakness enumeration for CVE-2012-4199

OS Trackers for CVE-2012-4199

Affected software / configurations for CVE-2012-4199

References for CVE-2012-4199