Complete database dump disclosure - addons.mozilla.com

RESOLVED FIXED

Status

Product: Websites
Component: other.mozilla.org
Priority: P1
Severity: blocker
Status: RESOLVED FIXED
Reported: 7 years ago
Modified: 7 months ago

People

(Reporter: Flow, Unassigned)

Tracking

Keywords: sec-critical, wsec-disclosure
Version: unspecified
Bug Flags: sec-bounty+

Details

Whiteboard: [infrasec:other][ws:critical]

Description (Reporter, 7 years ago)

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.10 (maverick) Firefox/3.6.13
Build Identifier: 

I have been looking around a bit again because of the Mozilla security bounty program. I dug a little deeper now after finding this: https://bugzilla.mozilla.org/show_bug.cgi?id=619702

This time it's a little bit more serious. In fact, this time it is a major fuckup I guess.

Looking at the URL above, you will find a complete MySQL dump of remora, including email addresses and password hashes (even MD5s) for addons.mozilla.com.

You should fix this NOW! I just found it via google.

Maybe you should think about some kind of policy for the guys under people.mozilla.com. This will not be the fix, but maybe it will sensitize some of the guys to not upload critical, productive data!

I will contact security@mozilla.com about this referencing the bounty program.

I have not and will not disclose any of the data in the dump.

Reproducible: Always

Steps to Reproduce:
1. Visit the URL above.

Actual Results:
total pwnage

Comment (7 years ago)

Thanks. The file has been removed for now. We'll be in touch as to any bounty information.

Severity: critical → blocker
Status: UNCONFIRMED → RESOLVED
Last Resolved: 7 years ago
Priority: -- → P1
Resolution: --- → FIXED
Whiteboard: [infrasec:other][ws:critical]
Depends on: 620001

Updated

5 years ago
Blocks: 836522
Flags: sec-bounty+
Keywords: sec-critical, wsec-disclosure
Group: websites-security