Detection of local files at https://testpilot.firefox.com

RESOLVED INVALID

Status

Websites
Other
10 months ago
10 months ago

People

(Reporter: Saurabh, Unassigned)

Tracking

unspecified
Bug Flags:
sec-bounty -

Details

(Whiteboard: [reporter-external] [web-bounty-form] [verif?], URL)

(Reporter)

Description

10 months ago
1. Go to: https://testpilot.firefox.com
2. Attach a local proxy to the browser.
3. Click on Install the Test Pilot Add-on.
4. The HTTP request goes to: https://testpilot.firefox.com/static/addon/addon.xpi
5. Intercept the response to this request.
6. Observe that server-side module and file names are disclosed in the body of the response.
Flags: sec-bounty?
(Reporter)

Updated

10 months ago
Status: UNCONFIRMED → RESOLVED
Last Resolved: 10 months ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1334809

Comment 2

10 months ago
> 6. Observe that server-side module and file names are disclosed in the body of the response.

I'm not seeing anything being disclosed. Please be more specific.
At any rate, this isn't a security issue.
Group: websites-security
Flags: sec-bounty? → sec-bounty-
Resolution: DUPLICATE → INVALID