Closed
Bug 949446
Opened 11 years ago
Closed 11 years ago
Source Code Disclosure of every possible project
Categories
(Websites :: other.mozilla.org, defect)
Websites
other.mozilla.org
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: shpendk13, Unassigned)
Details
(Keywords: reporter-external)
User Agent: Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Steps to reproduce:
Bascilly, by going to http://viewvc.svn.mozilla.org/vc/projects/ you can view the source code of every website and project of mozilla. Not sure if this is supposed to be like this , or this is a major information disclosure vulnerability?
Actual results:
Went to http://viewvc.svn.mozilla.org/vc/projects/ and i can see all source code of all projects. No access controls at all.
Expected results:
Don't know, maybe ask for email&password combination
Mozilla is open sournce, we share everything.
Group: websites-security
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → WONTFIX
|
||
Updated•11 years ago
|
Flags: sec-bounty-
Alright then, i thought so but reported just in case :).
|
||
Updated•11 years ago
|
Component: blog.mozilla.org → other.mozilla.org
|
||
Comment 3•11 years ago
|
||
More of it is at https://github.com/mozilla/ if your curious.
|
||
Comment 4•11 years ago
|
||
More, including Firefox source code, on https://hg.mozilla.org/
And even some still on http://bonsai.mozilla.org/cvsqueryform.cgi !
|
||
Comment 5•11 years ago
|
||
Oh boy! Now I have access to everything!
|
|
||
Comment 6•11 years ago
|
||
That's fun, right?
| Comment hidden (off-topic) |
| Comment hidden (off-topic) |
| Comment hidden (off-topic) |
|
||
Comment 12•10 years ago
|
||
in order to prevent further off-topic/advocacy comments, i'm restricting comments on this bug.
Restrict Comments: true
|
||
Updated•6 months ago
|
Keywords: reporter-external
You need to log in
before you can comment on or make changes to this bug.
Description
•