Exploits:

1. I first purchased one app (e.g., novaskin here) and remembered the uuid parameter (cbb9ef1bd36441a296a3b5b9f15a55fa) within the redirection request returned by PayPal to the marketplace.

GET https://marketplace.mozilla.org/en-US/app/novaskin/purchase/complete?realurl=None&uuid=cbb9ef1bd36441a296a3b5b9f15a55fa HTTP 1.1

2. I replayed the request to marketplace with another app name (e.g. yohoho here) that I haven't purchased and the above uuid parameter.

GET https://marketplace.mozilla.org/en-US/app/yohoho/purchase/complete?realurl=None&uuid=cbb9ef1bd36441a296a3b5b9f15a55fa HTTP 1.1

And I got a web page showing that the purchase of yohoho is complete.

I was trying to trigger the app to be purchased, but it turned out to be an inconsistency of page display, not a security issue. I am just reporting this and am not sure whether this is a serious bug that should be fixed.

Thanks,
Xiaowei
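A check that keeps a completion page consistent with the stored transaction, as an added example that is not part of the original report and is not Marketplace code: the handler looks the uuid up server-side and compares the app named in the URL and the logged-in user against that record before showing anything. The `Purchase` record, the `PURCHASES` store, the user names and `purchase_complete` are hypothetical; the sample record is constructed from the values in the report.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Purchase:
    uuid: str
    user: str       # account that started the payment
    app_slug: str   # app the payment was created for
    paid: bool      # set only after the payment provider confirms


# Constructed sample data: one confirmed purchase of "novaskin" (hypothetical store).
PURCHASES = {
    "cbb9ef1bd36441a296a3b5b9f15a55fa": Purchase(
        "cbb9ef1bd36441a296a3b5b9f15a55fa", "user-a", "novaskin", True
    ),
}


def purchase_complete(session_user, url_app_slug, uuid):
    """Decide what /app/<slug>/purchase/complete?uuid=... may display.

    Returns (http_status, message). The app name shown always comes from
    the stored record, never from the URL path.
    """
    record = PURCHASES.get(uuid)
    # Unknown uuid, or a uuid that belongs to someone else: reveal nothing.
    if record is None or record.user != session_user:
        return 404, "No such purchase"
    # The replay in the report: a valid uuid presented under another app's URL.
    if record.app_slug != url_app_slug:
        return 400, "Purchase does not match this app"
    if not record.paid:
        return 402, "Payment not confirmed"
    return 200, f"Purchase of {record.app_slug} is complete"


if __name__ == "__main__":
    uuid = "cbb9ef1bd36441a296a3b5b9f15a55fa"
    for slug in ("novaskin", "yohoho"):
        print(slug, purchase_complete("user-a", slug, uuid))
```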
Our purchase flow is completely different. Closing.
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → WONTFIX