Closed
Bug 949446
Opened 9 years ago
Closed 9 years ago
Source Code Disclosure of every possible project
Categories
(Websites :: other.mozilla.org, defect)
Websites
other.mozilla.org
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: shpendk13, Unassigned)
Details
User Agent: Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36 Steps to reproduce: Bascilly, by going to http://viewvc.svn.mozilla.org/vc/projects/ you can view the source code of every website and project of mozilla. Not sure if this is supposed to be like this , or this is a major information disclosure vulnerability? Actual results: Went to http://viewvc.svn.mozilla.org/vc/projects/ and i can see all source code of all projects. No access controls at all. Expected results: Don't know, maybe ask for email&password combination
Mozilla is open sournce, we share everything.
Group: websites-security
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → WONTFIX
Flags: sec-bounty-
|
||
Updated•9 years ago
|
Component: blog.mozilla.org → other.mozilla.org
|
||
Comment 3•9 years ago
|
||
More of it is at https://github.com/mozilla/ if your curious.
|
||
Comment 4•9 years ago
|
||
More, including Firefox source code, on https://hg.mozilla.org/ And even some still on http://bonsai.mozilla.org/cvsqueryform.cgi !
|
||
Comment 5•9 years ago
|
||
Oh boy! Now I have access to everything!
|
|
||
Comment 6•9 years ago
|
||
That's fun, right?
| Comment hidden (off-topic) |
| Comment hidden (spam) |
| Comment hidden (off-topic) |
| Comment hidden (off-topic) |
|
||
Comment 12•8 years ago
|
||
in order to prevent further off-topic/advocacy comments, i'm restricting comments on this bug.
Restrict Comments: true
You need to log in
before you can comment on or make changes to this bug.
Description
•