Possible Information Disclosure at bugzilla.mozilla.org

RESOLVED INVALID

Status

bugzilla.mozilla.org
General
2 years ago
2 years ago

People

(Reporter: , Unassigned)

Tracking

Production

Details

Attachments

(1 attachment)

(Reporter)

Description

2 years ago
Created attachment 8723426 [details]
Screen Shot 02-25-16 at 02.47 PM.PNG

User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0
Build ID: 20160210153822

Steps to reproduce:

Hi there, I have found a possible information disclosure in https://bugzilla.mozilla.org.
I was originally looking for an XSS bug as I was entering this XSS payload:
<img class="emoji" alt="
Not sure if this is actually exploitable in any way (I'd expect the schema info to be public given Bugzilla is open source, and so far this doesn't look like SQL injection?) or if this is a Bugzilla or a bmo issue, but moving it in the right direction, at least. Dylan or David, can you triage / look into this further? Thanks!
Group: firefox-core-security → bugzilla-security
Component: Untriaged → General
Flags: needinfo?(dylan)
Flags: needinfo?(dkl)
Product: Firefox → bugzilla.mozilla.org
Version: 44 Branch → Production
As Gijs guessed, this doesn't expose any information that isn't already public.
Group: bugzilla-security
Status: UNCONFIRMED → RESOLVED
Last Resolved: 2 years ago
Flags: needinfo?(dylan)
Flags: needinfo?(dkl)
Resolution: --- → INVALID