Closed Bug 673175 Opened 13 years ago Closed 11 years ago

information leak - email address of last user to comment awaiting moderation was being shown

Tracking

(Not tracked)

Status:

RESOLVED DUPLICATE of bug 652560

People

(Reporter: sdaugherty, Unassigned)

References

(
URL
)

Details

(Keywords: privacy, Whiteboard: [site:hacks.mozilla.org][specification-like][type:bug])

Attachments

(1 file)

another user's email address being shown 13 years ago Stephanie Daugherty [:sdaugherty] 65.97 KB, image/png		Details

Stephanie Daugherty [:sdaugherty]

Reporter

Description

•

13 years ago

Attached image another user's email address being shown — Details

I commented earlier on this story, and it was being held for moderation. I refreshed the page later to see if my comment had been posted, and was able to see the email address of the last user to leave a comment on the page (see attached screenshot)

Stephanie Daugherty [:sdaugherty]

Reporter

Updated

•

13 years ago

Keywords: privacy

Wil Clouser [:clouserw]

Comment 1

•

13 years ago

Fastest fix for this is to send no-cache headers for any pages that have that box on them.

Jesse Ruderman

Comment 2

•

13 years ago

Would "Vary: Cookie" do the trick?

Wil Clouser [:clouserw]

Comment 3

•

13 years ago

I doubt it unless the blog is starting sessions for everyone.

Stefan Arentz | :st3fan | ⏰ EST | he/him

Updated

•

11 years ago

Whiteboard: [site:hacks.mozilla.org]

Nobody; OK to take it and work on it

Assignee

Updated

•

11 years ago

Component: hacks.mozilla.org → Mozilla Hacks

Product: Websites → Mozilla Developer Network

John Karahalis [:openjck]

Comment 4

•

11 years ago

I cannot reproduce. I can see my own contact information in the form when I visit the page a second time, but not the contact information of another user.

The strange thing here is that Stephanie is even /seeing/ a comment that is in moderation. Normal users cannot do this. Maybe she was logged in? But after testing with jswisher, it appears that even logged-in users cannot see the contact information of other commenters today.

Marking as WORKSFORME. Please reopen if I am mistaken.

Status: NEW → RESOLVED

Closed: 11 years ago

Resolution: --- → WORKSFORME

John Karahalis [:openjck]

Comment 5

•

11 years ago

Tagging this correctly, just in case it is reopened.

Priority: -- → P1

Whiteboard: [site:hacks.mozilla.org] → [site:hacks.mozilla.org][specification-like][type:bug]

John Karahalis [:openjck]

Updated

•

11 years ago

Resolution: WORKSFORME → DUPLICATE

Will Kahn-Greene [:willkg] ET needinfo? me

Comment 7

•

8 years ago

For bugs that are resolved, we remove the security flag. These haven't had their flag removed, so I'm removing it now.

Group: websites-security

BMO Automation

Updated

•

7 years ago

Product: Mozilla Developer Network → Developer Engagement

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

information leak - email address of last user to comment awaiting moderation was being shown

Categories

(Developer Engagement :: Mozilla Hacks, task, P1)

Tracking

(Not tracked)

People

(Reporter: sdaugherty, Unassigned)

References

(
URL
)

Details

(Keywords: privacy, Whiteboard: [site:hacks.mozilla.org][specification-like][type:bug])

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Updated

Comment 1

Comment 2

Comment 3

Updated

Updated

Comment 4

Comment 5

Updated

Comment 7

Updated

Attachment

General

Description

File Name

Content Type