Søg i Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Læs mere

how to get access to all the advisories in mozilla?

  • 4 svar
  • 1 har dette problem
  • 3 visninger
  • Seneste svar af philipp

more options

Mozilla Foundation Security Advisories (http://www.mozilla.org/security/announce/),

when accessed provides information on many of the advisories, but for some it displays an error that you are not authorized to open. 

I tried to open bug #790879 & it showed following error:- (https://bugzilla.mozilla.org/show_bug.cgi?id=790879). Can anybody please tell me what needs to be done to get complete access of the advisories.

Mozilla Foundation Security Advisories (http://www.mozilla.org/security/announce/), when accessed provides information on many of the advisories, but for some it displays an error that you are not authorized to open. I tried to open bug #790879 & it showed following error:- (https://bugzilla.mozilla.org/show_bug.cgi?id=790879). Can anybody please tell me what needs to be done to get complete access of the advisories.

Alle svar (4)

more options

hello gauravmunje, bugzilla entries that are marked as security-sensitive are not accessible to the public, but generally speaking only for the security team at mozilla & the reporter of such vulnerabilities - for more information about this policy see www.mozilla.org/projects/security/security-bugs-policy.html

more options

Hey, thanks a ton for the immediate reply.

One more query though:

Can anybody access those security sensitive entries, post public disclosure?

more options

i myself am no mozilla staff but just a contributing volunteer, so i cannot tell you for sure how it works in practise (the policy document is now nearly a decade old). however according to the document most bugs should get disclosed after a unspecified amount of time after they got fixed and then they are just readable like any other normal bug report at bugzilla.mozilla.org.

in case you have a legitimate interest in reviewing a certain inaccessible bug-report (& have an account on bugzilla.mozilla.org) you could also try to write an email to the security@XXX mail address & explain the situation - maybe they can/will add you to the list of people who are authorized to view the details.