Bug 256195 (sbb?)

Security Bug Bounty: nominated

RESOLVED WORKSFORME

Status

RESOLVED WORKSFORME
15 years ago
3 years ago

People

(Reporter: dveditz, Assigned: dveditz)

Tracking

(Depends on: 2 bugs, {meta, sec-other})

Trunk
meta, sec-other

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [sg:nse] meta)

(Assignee)

Description

15 years ago
 
(Assignee)

Comment 1

15 years ago
Meta bug to track security bug bounty nominations. Once decided they should be
moved to either the Awarded or Rejected tracking bugs.
Whiteboard: [sg:meta]
(Assignee)

Updated

15 years ago
Alias: sbb?
(Assignee)

Updated

15 years ago
Depends on: 245066
(Assignee)

Updated

15 years ago
Depends on: 255067
(Assignee)

Updated

15 years ago
Depends on: 249004
(Assignee)

Updated

15 years ago
Status: NEW → ASSIGNED
(Assignee)

Updated

15 years ago
Depends on: 256316
(Assignee)

Updated

15 years ago
Depends on: 257314
(Assignee)

Updated

15 years ago
Depends on: 258005
(Assignee)

Updated

14 years ago
Depends on: 258173
(Assignee)

Comment 2

14 years ago
Initial bug bounty awards:

Marcel Boesch, for bug 249004

Gaël Delalleau, two for bug 245066 and bug 255067

Mats Palmgren and Gaël Delalleau split one for bug 250900 (trunk) and bug 256316
(1.7/aviary branch)

Georgi Guninski, two for bug 257314 and bug 258005
No longer depends on: 245066, 249004, 255067, 256316, 257314, 258005
(Assignee)

Updated

14 years ago
Blocks: 256197, 256199
(Assignee)

Comment 3

14 years ago
Bug 258173 is not a remote exploit, a bounty will not be awarded.
No longer blocks: 256197, 256199
No longer depends on: 258173
(Assignee)

Comment 4

14 years ago
bug 259403 requires Java, does not qualify for bug bounty.
(Assignee)

Updated

14 years ago
Depends on: 260140
(Assignee)

Updated

14 years ago
Depends on: 260560
(Assignee)

Updated

14 years ago
Depends on: 259708
(Assignee)

Updated

14 years ago
No longer depends on: 259708
(Assignee)

Updated

14 years ago
Depends on: 264388
(Assignee)

Updated

14 years ago
Depends on: 266140
(Assignee)

Updated

14 years ago
Depends on: 272381
(Assignee)

Updated

14 years ago
No longer depends on: 272381
(Assignee)

Updated

14 years ago
Depends on: 273419
(Assignee)

Updated

14 years ago
Depends on: 273116
(Assignee)

Updated

14 years ago
No longer depends on: 273419
(Assignee)

Updated

14 years ago
Depends on: 279099
(Assignee)

Updated

14 years ago
Depends on: 279945
(Assignee)

Updated

14 years ago
Depends on: 280664
(Assignee)

Updated

14 years ago
Depends on: 258048
(Assignee)

Updated

14 years ago
Depends on: 268820
(Assignee)

Updated

14 years ago
Depends on: 280056
(Assignee)

Updated

14 years ago
Depends on: 288556
(Assignee)

Updated

14 years ago
Depends on: 288732
(Assignee)

Updated

14 years ago
No longer depends on: 288732
(Assignee)

Updated

14 years ago
(Assignee)

Updated

14 years ago
Depends on: 290324
(Assignee)

Updated

14 years ago
Depends on: 290162
(Assignee)

Updated

14 years ago
Depends on: 289675
(Assignee)

Updated

14 years ago
Depends on: 290079
(Assignee)

Updated

14 years ago
Depends on: 290908
(Assignee)

Updated

14 years ago
Depends on: 290949
(Assignee)

Updated

14 years ago
No longer depends on: 260560
(Assignee)

Updated

14 years ago
No longer depends on: 279945
(Assignee)

Updated

14 years ago
No longer depends on: 280056
(Assignee)

Updated

14 years ago
No longer depends on: 280664
(Assignee)

Comment 5

14 years ago
Michael Krax was awarded five bounties: firespoofing (bug 260560), firedragging
(bug 279945), firetabbing (bug 280056), fireflashing (bug 280664) and
firescrolling2 (bug 288164).
(Assignee)

Comment 6

14 years ago
bug 268820 is a duplicate of bug 265668
Depends on: 265668
(Assignee)

Updated

14 years ago
No longer depends on: 268820
(Assignee)

Updated

14 years ago
Depends on: 290982
(Assignee)

Updated

14 years ago
Depends on: 292691
(Assignee)

Updated

14 years ago
Depends on: 292499
(Assignee)

Updated

14 years ago
Depends on: 291745
(Assignee)

Updated

14 years ago
Depends on: 291314
(Assignee)

Updated

14 years ago
No longer depends on: 289074
(Assignee)

Comment 7

14 years ago
Catching up on Firefox 1.0.2 and 1.0.3 era Bounties awarded.
(Assignee)

Updated

14 years ago
Depends on: 291640
(Assignee)

Updated

14 years ago
Depends on: 291651
(Assignee)

Updated

14 years ago
Depends on: 292624
(Assignee)

Updated

14 years ago
Depends on: 292737
(Assignee)

Updated

14 years ago
Depends on: 292789
(Assignee)

Updated

14 years ago
Depends on: 292937
(Assignee)

Updated

14 years ago
Depends on: 293424
(Assignee)

Updated

14 years ago
Depends on: 293527
(Assignee)

Updated

14 years ago
Depends on: 295011
(Assignee)

Updated

14 years ago
Depends on: 292591
(Assignee)

Updated

14 years ago
Depends on: 291150
(Assignee)

Updated

14 years ago
Depends on: 294795
(Assignee)

Updated

14 years ago
Depends on: 294074
(Assignee)

Updated

14 years ago
No longer depends on: 273116
(Assignee)

Updated

14 years ago
No longer depends on: 279099
(Assignee)

Updated

14 years ago
Depends on: 295854
(Assignee)

Updated

14 years ago
Depends on: 296704
(Assignee)

Updated

14 years ago
Depends on: 299450
(Assignee)

Updated

14 years ago
Depends on: 293331
(Assignee)

Updated

14 years ago
Depends on: 305335
(Assignee)

Updated

13 years ago
Depends on: 307259
(Assignee)

Updated

13 years ago
Depends on: 304754
(Assignee)

Updated

13 years ago
Depends on: 311025
(Assignee)

Updated

13 years ago
Depends on: 311403
(Assignee)

Updated

13 years ago
Depends on: 311455
(Assignee)

Updated

13 years ago
Depends on: 311962
(Assignee)

Updated

13 years ago
Depends on: 311024
(Assignee)

Updated

13 years ago
Depends on: 311792
(Assignee)

Updated

13 years ago
Depends on: 311497
(Assignee)

Updated

13 years ago
Depends on: 313370
(Assignee)

Updated

13 years ago
Depends on: 313630
(Assignee)

Updated

13 years ago
Depends on: 313684
(Assignee)

Comment 8

13 years ago
Tom Ferris awarded a bounty for bug 307259
(Assignee)

Updated

13 years ago
No longer depends on: 307259
(Assignee)

Updated

13 years ago
Depends on: 313366
(Assignee)

Updated

13 years ago
Depends on: 314865
(Assignee)

Updated

13 years ago
Depends on: 313763
(Assignee)

Updated

13 years ago
Depends on: 306261
(Assignee)

Updated

13 years ago
Depends on: 296514

Comment 9

13 years ago
heatsync asked me about https://bugzilla.mozilla.org/show_bug.cgi?id=315004
Depends on: 315004

Updated

13 years ago
Whiteboard: [sg:meta] → [sg:nse] meta
(Assignee)

Updated

13 years ago
Depends on: 317380
(Assignee)

Updated

13 years ago
Depends on: 331334
(Assignee)

Updated

13 years ago
Depends on: 334977
(Assignee)

Updated

13 years ago
Depends on: 338288
(Assignee)

Updated

13 years ago
Depends on: 338804
(Assignee)

Updated

13 years ago
Depends on: 340198
(Assignee)

Updated

13 years ago
Depends on: 340107
(Assignee)

Updated

13 years ago
Depends on: 344759
Dan,
if bug 340198 qualifies for a bounty, then so do bug 240261 and bug 308244 IMO.
They're all duplicates of one another, unrecognized as such (until now)
because they are all marked security sensitive.
(Assignee)

Comment 11

13 years ago
This is the "nominated" list, doesn't mean we're awarding anything yet.

But in fact 340198 isn't a pure duplicate, it combines the behavior described in those older spoofing bugs with the software update system to describe a different blended attack. Also bug 340198 could be solved in ways that don't require solving those other bugs, such as by shipping with the "one true cert" for update.
(Assignee)

Updated

13 years ago
Depends on: 338523
(Assignee)

Updated

12 years ago
Depends on: 355655

Updated

12 years ago
Depends on: 374570
(Assignee)

Comment 12

10 years ago
This bug isn't being used anymore
Status: ASSIGNED → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → WORKSFORME
(Assignee)

Updated

6 years ago
Group: javascript-core-security
(Assignee)

Updated

6 years ago
Group: javascript-core-security
Keywords: sec-other

Updated

3 years ago
Group: core-security → core-security-release
(Assignee)

Updated

3 years ago
Group: core-security-release