Closed Bug 751254 Opened 13 years ago Closed 13 years ago

hacks.mozilla.org - SWFUpload Vulnerable Version

Categories

(Developer Engagement :: Mozilla Hacks, task)

Product:
Developer Engagement
Component:
Mozilla Hacks
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 751259

People

(Reporter: kontakt, Unassigned)

Details

(Keywords: reporter-external, sec-low, wsec-xss, Whiteboard: [site:hacks.mozilla.org][reporter-external])

User Agent: Mozilla/5.0 (Windows NT 5.1; rv:10.0) Gecko/20100101 Firefox/10.0 Build ID: 20120129021758 Steps to reproduce: Hello, I wanna to report a bug in site mpl.mozilla.org (Wordpress 3.3.1). About bug we can read, for example here: http://web.nvd.nist.gov/view/vuln/detail?vulnId=0 Actual results: Location of vulnerable: http://hacks.mozilla.org/wp-includes/js/swfupload/swfupload.swf --- Impact Type:Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service --- Expected results: For fix this vulnerability script must be updated for Wordpress 3.3.2
This is a working link for nist.gov: http://web.nvd.nist.gov/view/vuln/detail? vulnId=CVE-2012-2399 =================== Btw. Does this issue includes the program: http://www.mozilla.org/security/bug-bounty.html ? Thanks for reply. Best Regards
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
Component: hacks.mozilla.org → Mozilla Hacks
Product: Websites → Mozilla Developer Network
Keywords: sec-low, wsec-xss
Whiteboard: [site:hacks.mozilla.org][reporter-external]
For bugs that are resolved, we remove the security flag. These haven't had their flag removed, so I'm removing it now.
Group: websites-security
Group: websites-security
Group: websites-security
Product: Mozilla Developer Network → Developer Engagement
You need to log in before you can comment on or make changes to this bug.