Closed Bug 653560 Opened 14 years ago Closed 14 years ago

*** Security Enhancement *** Don't allow Disabled Account E-mails to be shown during Hover on BMO

Categories

(bugzilla.mozilla.org :: General, enhancement)

x86
Windows 7
enhancement
Not set
normal

Tracking

()

RESOLVED WONTFIX

People

(Reporter: cab26715, Unassigned)

References

()

Details

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0a1) Gecko/20110428 Firefox/6.0a1 Build Identifier: I have a security enhancement for Bugzilla and am unsure as to why it hasn't been implemented already, considering we are now using version 4.0 of Bugzilla. If a Bugzilla account has been disabled (such as https://bugzilla.mozilla.org/show_bug.cgi?id=638437#c66), I believe it should NOT be possible to view the offender's e-mail address through mouse hover (rest mouse on top of "account disabled"). This opens a window for people to spam the offender. Mozilla, just keep a record of the offenders on your end (say a Block List Excel file), but don't allow legitimate Bugzilla users to view that information though mouse hover. Reproducible: Always Actual Results: E-Mail addresses of Disabled Accounts can be viewed through Mouse Hover on BMO. Expected Results: E-Mail addresses of Disabled Accounts should NOT be visible on BMO.
I see no reason why we would want to go such lengths to protect somebody who has abused others. He/she chose to be a jerk. Any discussions that occur outside of Bugzilla are not under the control of Mozilla. --> WONTFIX
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.