A valid bit.ly API key (48ecf90304d70f30729abe82dfea1dd8a11c4584) was found hardcoded in the following Mozilla asset location: https://probes.telemetry.mozilla.org/static/js/main.e92545e1.chunk.js This API key allows for the creation of bit.ly links: https://api-ssl.bitly.com/v3/shorten?access_token=48ecf90304d70f30729abe82dfea1dd8a11c4584&longUrl=https://www.google.com {"status_code":200,"status_txt":"OK","data":{"url":"https://bit.ly/3kniZ7p","hash":"3kniZ7p","global_hash":"3hQYj","long_url":"https://www.google.com/","new_hash":0}} This API key also allows for the retrieval of information from a shortlink: curl -H 'Authorization: Bearer 48ecf90304d70f30729abe82dfea1dd8a11c4584' -X GET https://api-ssl.bitly.com/v4/bitlinks/bit.ly/3kniZ7p {"created_at":"2022-04-29T14:08:51+0000","id":"bit.ly/3kniZ7p","link":"https://bit.ly/3kniZ7p","custom_bitlinks":[],"long_url":"https://www.google.com/","title":"Google","archived":false,"created_by":"o_7tijrtg215","client_id":"a5e8cebb233c5d07e5c553e917dffb92fec5264d","tags":[],"deeplinks":[],"references":{"group":"https://api-ssl.bitly.com/v4/groups/Be5m7y2RZXD"}} It may also be possible to update already created short links in order to redirect users to unexpected locations. Please see the API documentation at https://dev.bitly.com/api-reference for more information on how this key may be abused. Thank you.
Bug 1767030 Comment 0 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
A valid bit.ly API key (48ecf90304d70f30729abe82dfea1dd8a11c4584) was found hardcoded in the following Mozilla asset location: https://probes.telemetry.mozilla.org/static/js/main.e92545e1.chunk.js This API key allows for the creation of bit.ly links: https://api-ssl.bitly.com/v3/shorten?access_token=48ecf90304d70f30729abe82dfea1dd8a11c4584&longUrl=https://www.google.com ``` {"status_code":200,"status_txt":"OK","data":{"url":"https://bit.ly/3kniZ7p","hash":"3kniZ7p","global_hash":"3hQYj","long_url":"https://www.google.com/","new_hash":0}} ``` This API key also allows for the retrieval of information from a shortlink: curl -H 'Authorization: Bearer 48ecf90304d70f30729abe82dfea1dd8a11c4584' -X GET https://api-ssl.bitly.com/v4/bitlinks/bit.ly/3kniZ7p ``` {"created_at":"2022-04-29T14:08:51+0000","id":"bit.ly/3kniZ7p","link":"https://bit.ly/3kniZ7p","custom_bitlinks":[],"long_url":"https://www.google.com/","title":"Google","archived":false,"created_by":"o_7tijrtg215","client_id":"a5e8cebb233c5d07e5c553e917dffb92fec5264d","tags":[],"deeplinks":[],"references":{"group":"https://api-ssl.bitly.com/v4/groups/Be5m7y2RZXD"}} ``` It may also be possible to update already created short links in order to redirect users to unexpected locations. Please see the API documentation at https://dev.bitly.com/api-reference for more information on how this key may be abused. Thank you.