Closed Bug 1334808 Opened 7 years ago Closed 7 years ago

testpilot.firefox.com

Tracking

(Not tracked)

Status:

RESOLVED INVALID

People

(Reporter: saurabh.banawar, Unassigned)

References

(
URL
)

Details

(Whiteboard: [reporter-external] [web-bounty-form] [verif?])

Saurabh

Reporter

Description

•

7 years ago

1. Go to: https://testpilot.firefox.com
2. Attach a local proxy to the browser.
3. Click on Install the Test Pilot Add on
4. The HTTP Request goes to: https://testpilot.firefox.com/static/addon/addon.xpi
5. Intercept the response to this request.
6. Observe that server side module and file names are disclosed in the body of the response.

Flags: sec-bounty?

Saurabh

Reporter

Updated

•

7 years ago

Status: UNCONFIRMED → RESOLVED

Closed: 7 years ago

Resolution: --- → DUPLICATE

Julien Vehent

Comment 2

•

7 years ago

> 6. Observe that server side module and file names are disclosed in the body of the response.

I'm not seeing anything being disclosed. Please be more specific.
At any rate, this isn't a security issue.

Group: websites-security

Flags: sec-bounty? → sec-bounty-

Resolution: DUPLICATE → INVALID

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Detection of local files at https://testpilot.firefox.com

Categories

(Websites :: Other, defect)

Tracking

(Not tracked)

People

(Reporter: saurabh.banawar, Unassigned)

References

(
URL
)

Details

(Whiteboard: [reporter-external] [web-bounty-form] [verif?])

Crash Data

Security

(public)

User Story

Description

Updated

Comment 2