User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8b4) Gecko/20050913 SeaMonkey/1.0a Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8b4) Gecko/20050913 SeaMonkey/1.0a This is not a Bugzilla technical problem per se; but well-intentioned misuse of Bugzilla and underlying database features. One major Bugzilla user organization encourages users, when filing bugs or seeking help to submit a host of info: e.g. `uname -a`, compiler (gcc-4.0.2), glibc (glibc-2.3.5), kde (kde-3.5), ipv6, CFLAGS="....", CXXFLAGS=....", OS-headers="184.108.40.206", graphics-card="Savage4", python-2.x.y, etc, etc. I am not a security expert (just a 20 year plus UNIX user) but consider making such detailed info available on the Internet plays potentially into the hands of criminal elements. I have exhausted my powers of persuasion (via their Bugzilla) to get a review started. I do no want to embarass them publicly by disclosing their name here. I hope the Mozilla (Bugzilla) organization would issue a general security alert to Bugzilla administrators to reconsider their policy on colletcting and disseminating sensitive information. Reproducible: Sometimes Steps to Reproduce: 1.Not all users fall into the trap. 2. 3. Actual Results: not applicable Expected Results: not applicable I am at your disposal to help. However I would prefer to do so via direct communication. I have read and agree with your security policy. This is, strictly speaking, not a problem of the Bugzilla Organization. I am just hoping you would look into problem, as I perceive it. I looked at the CERT site and did no find anything resembling this as a potential hazard. If you believe that it belongs in a more general category under CERT please advise.
*** This bug has been marked as a duplicate of 323969 ***