Closed
Bug 256195
(sbb?)
Opened 20 years ago
Closed 16 years ago
Security Bug Bounty: nominated
Categories
(Core :: Security, defect)
Core
Security
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: dveditz, Assigned: dveditz)
References
Details
(Keywords: meta, sec-other, Whiteboard: [sg:nse] meta)
|
Assignee | |
Comment 1•20 years ago
|
||
Meta bug to track security bug bounty nominations. Once decided they should be moved to either the Awarded or Rejected tracking bugs.
Whiteboard: [sg:meta]
|
|
Assignee | |
Updated•20 years ago
|
Alias: sbb?
|
|
Assignee | |
Updated•20 years ago
|
Status: NEW → ASSIGNED
|
|
Assignee | |
Comment 2•20 years ago
|
||
Initial bug bounty awards: Marcel Boesch, for bug 249004 Gaël Delalleau, two for bug 245066 and bug 255067 Mats Palmgren and Gaël Delalleau split one for bug 250900 (trunk) and bug 256316 (1.7/aviary branch) Georgi Guninski, two for bug 257314 and bug 258005
|
|
Assignee | |
Updated•20 years ago
|
|
|
Assignee | |
Comment 3•20 years ago
|
||
Bug 258173 is not a remote exploit, a bounty will not be awarded.
|
|
Assignee | |
Comment 4•20 years ago
|
||
bug 259403 requires Java, does not qualify for bug bounty.
|
|
Assignee | |
Updated•19 years ago
|
|
|
Assignee | |
Comment 5•19 years ago
|
||
Michael Krax was awarded five bounties: firespoofing (bug 260560), firedragging (bug 279945), firetabbing (bug 280056), fireflashing (bug 280664) and firescrolling2 (bug 288164).
|
|
Assignee | |
Comment 7•19 years ago
|
||
Catching up on Firefox 1.0.2 and 1.0.3 era Bounties awarded.
|
|
Assignee | |
Updated•19 years ago
|
Depends on: CVE-2023-37203
|
|
Assignee | |
Comment 8•19 years ago
|
||
Tom Ferris awarded a bounty for bug 307259
|
||
Comment 9•19 years ago
|
||
heatsync asked me about https://bugzilla.mozilla.org/show_bug.cgi?id=315004
Depends on: 315004
|
||
Updated•19 years ago
|
Whiteboard: [sg:meta] → [sg:nse] meta
|
||
Comment 10•18 years ago
|
||
Dan, if bug 340198 qualifies for a bounty, then so do bug 240261 and bug 308244 IMO. They're all duplicates of one another, unrecongized as such (until now) because they are all marked security sensitive.
|
|
Assignee | |
Comment 11•18 years ago
|
||
This is the "nominated" list, doesn't mean we're awarding anything yet. But in fact 340198 isn't a pure duplicate, it combines the behavior described in those older spoofing bugs with the software update system to describe a different blended attack. Also bug 340198 could be solved in ways that don't require solving those other bugs, such as by shipping with the "one true cert" for update.
|
|
Assignee | |
Comment 12•16 years ago
|
||
This bug isn't being used anymore
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Resolution: --- → WORKSFORME
|
|
Assignee | |
Updated•11 years ago
|
Group: javascript-core-security
|
||
Updated•9 years ago
|
Group: core-security → core-security-release
|
|
Assignee | |
Updated•9 years ago
|
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•