CVE-2012-4747 Information

Description

Bugzilla 2.x and 3.x through 3.6.11 3.7.x and 4.0.x before 4.0.8 4.1.x and 4.2.x before 4.2.3 and 4.3.x before 4.3.3 stores potentially sensitive information under the web root with insufficient access control which allows remote attackers to read (1) template (aka .tmpl) files (2) other custom extension files under extensions/ or (3) custom documentation files under docs/ via a direct request.

Reference

http://www.bugzilla.org/security/3.6.10/ https://bugzilla.mozilla.org/show_bug.cgi?id=785511 https://bugzilla.mozilla.org/show_bug.cgi?id=785522