Closed Bug 1366546 Opened 8 years ago Closed 8 years ago

Email Spoofing in mozilla.org

Categories

(Websites :: Other, defect)

Product:
Websites
Component:
Other
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 1285023

People

(Reporter: abartan, Unassigned)

References

(
URL
)

Details

(Keywords: reporter-external, Whiteboard: [reporter-external] [web-bounty-form] [verif?])

Attachments

(1 file)

One can pretend he is from mozilla and can take over the sensitive information from users.
23.50 KB, image/jpeg
Details
There is an Email Spoofing Vulnerability. Steps to reproduce: 1) Go to http://emkei.cz/ 2) Fill "From Email" field to admin@mozilla.org or any other mozilla email. 3) Fill the victim's address (your address) to "TO" field and fill in other details as you wish. You will receive email from mozilla admin. Reference: https://hackerone.com/reports/575 Thank you for time and consideration you provided for reading my report. The emails hits spam box on gmail and inbox on Yahoo. I am attaching the POC images on my emails Thanks Regards Abartan Dhakal Security Researcher Roshan Labs
Flags: sec-bounty?
This is a known issue with mozilla.org not yet implementing DMARC, but thank you for investigating and participating in our bug bounty program.
Group: websites-security
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
Flags: sec-bounty? → sec-bounty-
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: