Closed
Bug 653560
Opened 14 years ago
Closed 14 years ago
*** Security Enhancement *** Don't allow Disabled Account E-mails to be shown during Hover on BMO
Categories
(bugzilla.mozilla.org :: General, enhancement)
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: cab26715, Unassigned)
References
()
Details
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0a1) Gecko/20110428 Firefox/6.0a1
Build Identifier:
I have a security enhancement for Bugzilla and am unsure as to why it hasn't been implemented already, considering we are now using version 4.0 of Bugzilla.
If a Bugzilla account has been disabled (such as https://bugzilla.mozilla.org/show_bug.cgi?id=638437#c66), I believe it should NOT be possible to view the offender's e-mail address through mouse hover (rest mouse on top of "account disabled"). This opens a window for people to spam the offender. Mozilla, just keep a record of the offenders on your end (say a Block List Excel file), but don't allow legitimate Bugzilla users to view that information though mouse hover.
Reproducible: Always
Actual Results:
E-Mail addresses of Disabled Accounts can be viewed through Mouse Hover on BMO.
Expected Results:
E-Mail addresses of Disabled Accounts should NOT be visible on BMO.
Comment 1•14 years ago
|
||
I see no reason why we would want to go such lengths to protect somebody who has abused others. He/she chose to be a jerk. Any discussions that occur outside of Bugzilla are not under the control of Mozilla.
--> WONTFIX
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•