Closed Bug 295841 Opened 20 years ago Closed 18 years ago

Mozilla Foundation Security Advisories page is missing many security-related bugs

Categories

(www.mozilla.org :: General, defect)


Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: bmo, Assigned: dveditz)


User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4

It looks like some old security-related bugs slipped through the cracks along
the way to the current
http://www.mozilla.org/projects/security/known-vulnerabilities.html . I see the
following bugs that need to be documented there:

From http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html (and
bug 142254 comment 7): 
bug 88183
bug 104472
bug 125583
bug 135267
bug 148256
bug 148269
bug 148520
bug 149943
bug 150339
bug 151933
bug 152697
bug 152725
bug 154030
bug 154240
bug 154930
bug 157202
bug 157652
bug 157845

From bug 248511 dependencies:
bug 69070
bug 234416
bug 244177 (is this even security-related?)
bug 249322
bug 251297
bug 259708
bug 263263
bug 264388
bug 264560
bug 265668
bug 265921 (still closed to public, but fixed)
bug 267122 (still closed to public, open)
bug 268483
bug 271209
bug 273498

Reproducible: Always

Steps to Reproduce:
I'm not going to bother with the 1.0.1 bugs. First, Asa's list was based on a
quick query of bugs that once had the security flag, which is no guarantee it
was actually a security bug. A few of those are invalid and wontfix, which shows
the general problems with the list.

104472 was actually fixed by bug 141061 which was listed
125583 was popups, not an exploit
151933 was not shown to be exploitable
152697 was a proactive fix
bug 152725 ought to have been listed
bug 154030 ought to have been listed
bug 154930 ought to have been listed
157202 was lumped with 155222 on the vulnerabilities page

As the top of the page says, though, "This is not meant as an exhaustive list of
all security-related bugs."

I'll double-check the more recent list when I have time. Several of those were
not security holes, and I'm pretty sure a couple are in fact covered.

Assignee: mozilla.webmaster → dveditz
QA Contact: danielwang → www-mozilla-org
Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago
Resolution: --- → WONTFIX
Product: mozilla.org → Websites
Component: www.mozilla.org → General
Product: Websites → www.mozilla.org