SENDING MAIL FROM MAIL.MOZILLA.ORG

RESOLVED INVALID

Status

Infrastructure & Operations
Infrastructure: Mail
RESOLVED INVALID
2 years ago
2 years ago

People

(Reporter: Darksnipper, Unassigned)

Tracking

Details

Attachments

(1 attachment)

(Reporter)

Description

2 years ago
Created attachment 8771641 [details]
MOZ.png

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0
Build ID: 20160604131506

Steps to reproduce:

THROUGH TELNET MAIL.MOZILLA.ORG 25 WE ARE ABLE TO LOGIN FROM VALID EMAILS OF MOZILLA. I THINK THIS COULD BE USED TO PERFORM MALICIOUS ACTIVITIES


Actual results:

THIS COULD BE USED MALICIOUSLY TO PERFORM ANY MALICIOUS TASK

Comment 1

2 years ago
Julien/Ludo, can you look at this and/or forward to the appropriate folks? Thanks.
Assignee: nobody → infra
Group: firefox-core-security → mozilla-employee-confidential
Component: Untriaged → Infrastructure: Mail
Flags: needinfo?(ludovic)
Flags: needinfo?(jvehent)
Product: Firefox → Infrastructure & Operations
QA Contact: limed
Version: 47 Branch → unspecified
I don't think any security issue in this bug. For now it only describes a basic mechanism of smtp servers: you can talk to port 25 from anywhere.

$ nc mail.mozilla.org 25
220 mailman1.mail.scl3.mozilla.com ESMTP Postfix


I'll close as invalid. Reporter can reopen if he find an actual vulnerability.

(also, please, don't use CAPS LOCK)
Status: UNCONFIRMED → RESOLVED
Last Resolved: 2 years ago
Flags: needinfo?(ludovic)
Flags: needinfo?(jvehent)
Resolution: --- → INVALID
Group: mozilla-employee-confidential
You need to log in before you can comment on or make changes to this bug.