Closed
Bug 986774
Opened 11 years ago
Closed 9 years ago
Full Path Disclosure (FPD) vulnerabilities found in http://bzr.mozilla.org/
Categories
(Websites :: other.mozilla.org, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: theliam911, Unassigned)
Details
(Keywords: reporter-external, sec-low, wsec-disclosure, Whiteboard: [site:bzr.mozilla.org][reporter-external])
Attachments
(1 file: 56.23 KB, image/png)
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.152 Safari/537.36
Steps to reproduce:
Open the browser and go to
http://bzr.mozilla.org/bugzilla/4.4/revision/8513/extensions/MoreBugUrl/lib/PHP.pm?remember=8537&compare_revid=1a
Actual results:
The page will show the absolute path of the server:
/var/www/html/bzr.mozilla.org/bugzilla/.bzr/repository/
Expected results:
The page will show the error message excluding the absolute path of the server.
This site is not officially in our list of eligible sites. If the bug is extraordinary we sometimes offer bounties for interesting bugs which are outside of normal policy.
We do appreciate learning about bugs in all of our sites. We publish a list of eligible sites for people who are only interested in bounties and we hope that can help reduce the frustration of wasting time in unfruitful areas.
http://www.mozilla.org/security/bug-bounty-faq-webapp.html#eligible-bugs
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: sec-bounty-
Keywords: sec-low, wsec-disclosure
Whiteboard: [site:bzr.mozilla.org][reporter-external]
Comment 3•9 years ago
Site moved, error messages only show relative path on new server. Closing.
Group: websites-security
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Updated•1 year ago
Keywords: reporter-external