Closed Bug 1286352 Opened 8 years ago Closed 8 years ago

DNS Misconfiguration

Categories

(Websites :: Other, defect)

Product:
Websites
Component:
Other
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: mohamed.chamli, Unassigned)

References

(
URL
)

Details

(Whiteboard: [reporter-external] [web-bounty-form] [verif?]) 

akamai.mozilla.org  has address 127.0.0.2 and this may lead to "Same- Site" Scripting.
Here is detailed description of this minor security issue (by Tavis Ormandy): http://www.securityfocus.com/archive/1/486606/30/0/threaded
Flags: sec-bounty?
I think this is an issue with your local resolver, as this domain is not publicized.

$ dig akamai.mozilla.org @8.8.8.8

; <<>> DiG 9.10.3-P4-Ubuntu <<>> akamai.mozilla.org @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 64109
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;akamai.mozilla.org.		IN	A

;; Query time: 44 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Jul 12 16:09:13 EDT 2016
;; MSG SIZE  rcvd: 47
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → INVALID
Flags: sec-bounty? → sec-bounty-
Group: websites-security
You need to log in before you can comment on or make changes to this bug.