Security breach of Mozilla Evangelism

VERIFIED INVALID

Status

--
critical
VERIFIED INVALID
17 years ago
4 years ago

People

(Reporter: kristen_m, Assigned: doronr)

Tracking

Details

(URL)

(Reporter)

Description

17 years ago
There exists a major security flaw in user authentication and access 
privelages at Mozillazine.org.  Currently, a person who is not actively 
evangelizing Mozilla can read content at Mozillazine.org.  Even worse is that 
such a person is able to wholeheartedly disagree with someone via a simple 
form submission.

Steps to reproduce:

1.  Go to http://www.mozillazine.org

2.  Say something that makes the regulars think a little.  Not something 
like 'Moz Rulez' or 'IE sucks', but rather, something that inspires a bit of 
stimulation to ones nuerons.

3.  Wait a bit.

4.  Eventually, a mozilla.org person comes along to challenge why you are 
reading content there and posting information that doesn't fall in line with 
what they happen to think.

Solution:

1.  Password protect Mozillazine.

2.  Perform thorough background checks on all current and future visitors of 
Mozillazine.

3.  Only issue passwords to applicants who are found to agree with everyone 
else.


I believe in order to attain a community in which everyone agrees with 
everyone else that the above remedy is a must.  ;)
.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → INVALID

Comment 2

17 years ago
I agree with this bug. It's not invalid.

We have similar checks in place at bugzilla.mozilla.org. mozillazine.org is used
to publish daily build comments, so it is a critical information source for
Mozilla testers. We cannot tolerate that troublemakers distrub, distract and
enrage dedicated Mozilla testers from their work and cause them to feel urged to
defend Mozilla, which substracts from their time to test Mozilla and
additionally demotivates them. We need to let our Mozilla testers know that they
have strong support, without anyone attacking them from the back.
(Assignee)

Comment 3

17 years ago
verified FUCKOFF
Status: RESOLVED → VERIFIED
Product: Tech Evangelism → Tech Evangelism Graveyard
You need to log in before you can comment on or make changes to this bug.