Closed
Bug 856463
Opened 11 years ago
Closed 11 years ago
Plugin check bug and possible information/source disclosure
Categories
(www.mozilla.org :: General, defect)
www.mozilla.org
General
Tracking
(Not tracked)
RESOLVED
INVALID
People
(Reporter: Michael1026, Unassigned)
Details
User Agent: Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.172 Safari/537.22 Steps to reproduce: Visited the following URL: https://www.mozilla.org/js/plugincheck Actual results: It seems to display the website's source code instead of operating properly.
Comment 1•11 years ago
|
||
(In reply to Michael Blake from comment #0) > User Agent: Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.22 (KHTML, like > Gecko) Chrome/25.0.1364.172 Safari/537.22 > > Steps to reproduce: > > Visited the following URL: https://www.mozilla.org/js/plugincheck > > > Actual results: > > It seems to display the website's source code instead of operating properly. How did you get to this URL? The correct URL for the plugin check is: https://www.mozilla.org/plugincheck/ The URL of https://www.mozilla.org/js/plugincheck is the path to the JavaScript that is used for the page and thus displaying the code is what it should do. It's just JavaScript and not a web page.
Reporter | ||
Comment 2•11 years ago
|
||
It was actually publicly listed in a Google search.
Comment 3•11 years ago
|
||
(In reply to Michael Blake from comment #2) > It was actually publicly listed in a Google search. Do you remember what you searched for? Can you replicate the results to that URL? Thanks!
Reporter | ||
Comment 4•11 years ago
|
||
If I remember right, all I searched was site:mozilla.org -Michael
Reporter | ||
Comment 5•11 years ago
|
||
Ah, here it is. I search... site:www.mozilla.org Here's the url: https://www.google.com/search?q=site%3Amozilla.org&aq=f&oq=site%3Amozilla.org&aqs=chrome.0.59l2j58j59j60.2500&sourceid=chrome&ie=UTF-8#q=site:www.mozilla.org&hl=en&safe=off&psj=1&ei=7SBZUbe6Oe3piQKrzYHgCQ&start=180&sa=N&bav=on.2,or.r_cp.r_qf.&bvm=bv.44442042,d.cGE&fp=4147000d939f6efe&biw=1366&bih=624 -Michael
Comment 6•11 years ago
|
||
Hmm, that's strange. When I see your link, I can see it. When I do a site:www.mozilla.org, I can see a different result see. https://www.google.com/#hl=en&sclient=psy-ab&q=site:www.mozilla.org&oq=site:www.mozilla.org&gs_l=hp.3...1066.8359.0.8521.32.25.7.0.0.0.143.1699.22j3.25.0...0.0...1c.1.8.psy-ab.wrKyQMuhSVA&pbx=1&bav=on.2,or.r_qf.&bvm=bv.44697112,d.cGE&fp=a109f59e47f3fc28&biw=1920&bih=983 Do you see the JS file in the link above?
Reporter | ||
Comment 7•11 years ago
|
||
Yes, on page 19. http://prntscr.com/yt0fj
Comment 8•11 years ago
|
||
Ah! I didn't notice the page you were on. I don't think this is an issue because the JS file *is* on www.mozilla.org, it is JavaScript, and it is doing what it is expected. Plus, most users of search don't get past the first page, let alone the first few links on the first page. We could add /js/ to the robots.txt to not allow spiders to crawl it: http://www.mozilla.org/robots.txt I think we should "won't fix" this bug since the new python-based plugin checker page is nearly complete and all of the assets will be up on the Mozilla CDN and thus this will fall off of the site:www.mozilla.org result list.
Comment 9•11 years ago
|
||
This is just the file that appears here: http://viewvc.svn.mozilla.org/vc/projects/mozilla.com/trunk/js/plugincheck.js?view=markup It is public javascript so this isn't a bug. I don't see any particular reason to hide it from search, when you search site:mozilla.org plugincheck you get the proper page. The fact that is buried way down in the results doesn't really affect anything. But either way, the fact that this JS is available on the site is expected.
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•