Created attachment 8771641 [details] MOZ.png User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0 Build ID: 20160604131506 Steps to reproduce: THROUGH TELNET MAIL.MOZILLA.ORG 25 WE ARE ABLE TO LOGIN FROM VALID EMAILS OF MOZILLA. I THINK THIS COULD BE USED TO PERFORM MALICIOUS ACTIVITIES Actual results: THIS COULD BE USED MALICIOUSLY TO PERFORM ANY MALICIOUS TASK
Julien/Ludo, can you look at this and/or forward to the appropriate folks? Thanks.
Assignee: nobody → infra
Group: firefox-core-security → mozilla-employee-confidential
Component: Untriaged → Infrastructure: Mail
Product: Firefox → Infrastructure & Operations
QA Contact: limed
Version: 47 Branch → unspecified
I don't think any security issue in this bug. For now it only describes a basic mechanism of smtp servers: you can talk to port 25 from anywhere. $ nc mail.mozilla.org 25 220 mailman1.mail.scl3.mozilla.com ESMTP Postfix I'll close as invalid. Reporter can reopen if he find an actual vulnerability. (also, please, don't use CAPS LOCK)
Status: UNCONFIRMED → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.