Chris, Aubrey -- is this site needed anymore? It barely appears in Google, seems unmaintained, has security issues, and I can't find the source repository for it anywhere. It appears to be related to a Mozilla work week back in 2013, but I otherwise can't find much context on it. Unless it is needed for some reason, I would like to remove this site from DNS by the end of the business day. Thanks!
I couldn't remember what this domain was and I looked it up here: https://web.archive.org/web/20140814011107/http://chimein.mozilla.org/ I remember what it was. It was the webRTC demo where users clicking on the globe created a noise that was sent out to all of the other people visiting the site currently. The demo project was eventually killed and I believe it was hosted externally by Aubrey (misteranderson) (who was an external contractor for the marketing group). We should just remove the site from DNS as it isn't needed. Thanks!
Hey there, Yann! Although this site is not on our bounty list (https://www.mozilla.org/en-US/security/bug-bounty/faq-webapp/) and therefore not eligible for a bounty, I'd still like to send you some gear as appreciate for finding these, if you'd like them. I can get you either a hoodie or a shirt/mug/hat/drawstring tote package, whichever you'd prefer. To do so, I'd need your sizing information and mailing address. If you could email them to firstname.lastname@example.org, that would be great. Thanks!
Status: UNCONFIRMED → RESOLVED
Last Resolved: 3 years ago
Flags: sec-bounty? → sec-bounty-
Resolution: --- → FIXED
Hello, thank you for your feedback, and well done for the (very) quick fix ! The domain "chimein" isn't attached to Mozilla anymore, but the vulnerable web application is still accessible with vulnerabilities (https://126.96.36.199/). If there are some others critical vulnerabilities and if this application is hosted on a Mozilla's server, the threat is always present. It is sad that it does not fall within the bug bounty ... Moreover, what are the conditions for inclusion in the Mozilla's Hall of Fame (https://www.mozilla.org/en-US/security/bug-bounty/hall-of-fame/)? I will sent to you by email the information needed (size and mailing address). Thank you again, and have a nice day, Sincerely, Yann CAM
chimein isn't running on Mozilla's infrastructure, it was always on a third party system. I will make sure that you get on the hall of fame this quarter.
Hello, Thank you for your return, and for the Hall of Fame. If I may suggest the following credits: "Yann CAM @ASafety/SYNETIS". Have a nice day, Regards,
You need to log in before you can comment on or make changes to this bug.