750160 - Unprivileged users unable to file Security bugs in the Mozilla Services product

Status: RESOLVED DUPLICATE of bug 750144

(bugzilla.mozilla.org :: Administration, task)

Comment 1

[Daniel Veditz [:dveditz]]

WFM

Comment 2

[Daniel Veditz [:dveditz]]

Unprivileged accounts cannot file security bugs in the "Mozilla Services" product. If you follow through the guided format and at the end click the Security checkbox you are unable to file the bug and instead get the message:

   You tried to restrict a bug to the 'mozilla-services-security' group,
   but either this group does not exist, or you are not allowed to restrict
   bugs to this group in the 'Mozilla Services' product.

See bug 750116 comment 0 for an example of a user who ran into this issue.

A user who has the privilege to put bugs into that group is allowed to click the generic "Security" checkbox when filing a bug, and security bugs in the product do default to mozilla-services-security.  I don't know if this is an issue with how the product is set up or how the group is, but we should fix it so people can safely tell us about security issues.

Comment 4

[Daniel Veditz [:dveditz]]

In confirming this bug I used the default guided format for my unprivileged test account, and with my privileged account successfully filed a secure bug (this one, originally) using the advanced form. I doubt that makes a difference so I didn't try the inverse, but thought I'd better mention it.