Closed
Bug 1251154
Opened 8 years ago
Closed 8 years ago
Possible Information Disclosure at bugzilla.mozilla.org
Categories
(bugzilla.mozilla.org :: General, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: decoderph27, Unassigned)
Details
Attachments
(1 file)
313.95 KB,
image/png
|
Details |
User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0 Build ID: 20160210153822 Steps to reproduce: Hi there, I have found a possible information disclosure in https://bugzilla.mozilla.org. I was originally looking for an XSS bug as I was entering this XSS payload: <img class="emoji" alt="
Comment 1•8 years ago
|
||
Not sure if this is actually exploitable in any way (I'd expect the schema info to be public given bugzilla is open source, and so far this doesn't look like sql injection?) or if this is a bugzilla or a bmo issue, but moving it in the right direction, at least. Dylan or David, can you triage / look into this further? Thanks!
Group: firefox-core-security → bugzilla-security
Component: Untriaged → General
Flags: needinfo?(dylan)
Flags: needinfo?(dkl)
Product: Firefox → bugzilla.mozilla.org
Version: 44 Branch → Production
as gijs guessed, this doesn't expose any information that isn't already public.
Group: bugzilla-security
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Flags: needinfo?(dylan)
Flags: needinfo?(dkl)
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•