Created attachment 8723426 [details] Screen Shot 02-25-16 at 02.47 PM.PNG User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0 Build ID: 20160210153822 Steps to reproduce: Hi there, I have found a possible information disclosure in https://bugzilla.mozilla.org. I was originally looking for an XSS bug as I was entering this XSS payload: <img class="emoji" alt="
Not sure if this is actually exploitable in any way (I'd expect the schema info to be public given bugzilla is open source, and so far this doesn't look like sql injection?) or if this is a bugzilla or a bmo issue, but moving it in the right direction, at least. Dylan or David, can you triage / look into this further? Thanks!
as gijs guessed, this doesn't expose any information that isn't already public.