Created attachment 8538587 [details] dr1.PNG User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 Steps to reproduce: Browse to https://crash-stats-prod.zlb.phx.mozilla.net/. Actual results: This shows a complete directory listing of crash reports, .sh files, internal test files, etc. Expected results: I am not sure if this is intentionally made public or not. In case this was intentionaly public, obviously not a bug. Otherwise should be patched on immediate basis, as information being disclosed sounds a bit critical. Thank you.
Crash stats are publicly available here; I guess nothing is sensitive. https://crash-stats.mozilla.com/home/products/Firefox
Component: Other → General
Product: Websites → Socorro
Version: Production → unspecified
This is exposing only public data (and some scripts to run reports on that public data as well as the resulting reports), and its normal URL is actually https://crash-analysis.mozilla.com/
Okay. Great then.:)
So can this be closed as INVALID? Or what needs to be done here?
Closing as WFM as I don't see anything sensitive.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.