Closed Bug 1251154 Opened 8 years ago Closed 8 years ago

Possible Information Disclosure at bugzilla.mozilla.org

Categories

(bugzilla.mozilla.org :: General, defect)

Production
defect
Not set
normal

RESOLVED INVALID

People

(Reporter: decoderph27, Unassigned)

Details

Attachments

(1 file)

User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0
Build ID: 20160210153822

Steps to reproduce:

Hi there, I have found a possible information disclosure in https://bugzilla.mozilla.org.
I was originally looking for an XSS bug as I was entering this XSS payload:
<img class="emoji" alt="
Not sure if this is actually exploitable in any way (I'd expect the schema info to be public given Bugzilla is open source, and so far this doesn't look like SQL injection?) or if this is a Bugzilla or a bmo issue, but moving it in the right direction, at least. Dylan or David, can you triage / look into this further? Thanks!
Group: firefox-core-security → bugzilla-security
Component: Untriaged → General
Flags: needinfo?(dylan)
Flags: needinfo?(dkl)
Product: Firefox → bugzilla.mozilla.org
Version: 44 Branch → Production
As Gijs guessed, this doesn't expose any information that isn't already public.
Group: bugzilla-security
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Flags: needinfo?(dylan)
Flags: needinfo?(dkl)
Resolution: --- → INVALID