Plugin check bug and possible information/source disclosure

RESOLVED INVALID


People

(Reporter: Michael1026, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Description (Reporter)

6 years ago
User Agent: Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.172 Safari/537.22

Steps to reproduce:

Visited the following URL: https://www.mozilla.org/js/plugincheck


Actual results:

It seems to display the website's source code instead of operating properly.

Comment 1

6 years ago
(In reply to Michael Blake from comment #0)
> User Agent: Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.22 (KHTML, like
> Gecko) Chrome/25.0.1364.172 Safari/537.22
> 
> Steps to reproduce:
> 
> Visited the following URL: https://www.mozilla.org/js/plugincheck
> 
> 
> Actual results:
> 
> It seems to display the website's source code instead of operating properly.

How did you get to this URL?

The correct URL for the plugin check is:

https://www.mozilla.org/plugincheck/

The URL of https://www.mozilla.org/js/plugincheck is the path to the JavaScript that is used for the page and thus displaying the code is what it should do. It's just JavaScript and not a web page.

Comment 2 (Reporter)

6 years ago
It was actually publicly listed in a Google search.

Comment 3

6 years ago
(In reply to Michael Blake from comment #2)
> It was actually publicly listed in a Google search.

Do you remember what you searched for? Can you replicate the results to that URL?

Thanks!

Comment 4 (Reporter)

6 years ago
If I remember right, all I searched was 

site:mozilla.org

-Michael

Comment 7 (Reporter)

6 years ago
Yes, on page 19.

http://prntscr.com/yt0fj

Comment 8

6 years ago
Ah! I didn't notice the page you were on. I don't think this is an issue because the JS file *is* on www.mozilla.org, it is JavaScript, and it is doing what is expected. Plus, most users of search don't get past the first page, let alone the first few links on the first page.

We could add /js/ to the robots.txt to not allow spiders to crawl it:

http://www.mozilla.org/robots.txt

I think we should "won't fix" this bug since the new python-based plugin checker page is nearly complete and all of the assets will be up on the Mozilla CDN and thus this will fall off of the site:www.mozilla.org result list.

This is just the file that appears here: http://viewvc.svn.mozilla.org/vc/projects/mozilla.com/trunk/js/plugincheck.js?view=markup

It is public JavaScript so this isn't a bug. I don't see any particular reason to hide it from search; when you search site:mozilla.org plugincheck you get the proper page. The fact that it is buried way down in the results doesn't really affect anything. But either way, the fact that this JS is available on the site is expected.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → INVALID
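
An added example, not part of the bug thread or of Mozilla's code: a check of what the `/js/` robots.txt rule suggested in Comment 8 would change for the two paths named in the bug. Both rule sets and the crawler name `ExampleBot` are constructed for illustration, since the contents of the site's robots.txt are not shown here; the rule only asks compliant crawlers to skip the path, and the script stays fetchable by any browser.

```python
from urllib.robotparser import RobotFileParser

SITE = "https://www.mozilla.org"

# Constructed rule sets (assumption): the real robots.txt is not quoted in the bug.
BEFORE = """\
User-agent: *
Disallow:
"""
AFTER = """\
User-agent: *
Disallow: /js/
"""

# The two paths named in the bug: the plugin check page and its script.
PATHS = ["/plugincheck/", "/js/plugincheck"]


def crawlable(robots_txt, paths, agent="ExampleBot"):
    """Map each path to True if a compliant crawler may fetch it."""
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    return {p: parser.can_fetch(agent, SITE + p) for p in paths}


def newly_blocked(before, after, paths):
    """Paths a compliant crawler could fetch before the change but not after."""
    old, new = crawlable(before, paths), crawlable(after, paths)
    return [p for p in paths if old[p] and not new[p]]


if __name__ == "__main__":
    for label, rules in (("before", BEFORE), ("after", AFTER)):
        print(label, crawlable(rules, PATHS))
    print("newly blocked:", newly_blocked(BEFORE, AFTER, PATHS))
```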