X
Tap here to go to the mobile version of the site.
Your Firefox is out of date and may contain a security risk! Upgrade Firefox

Support Forum

how to get access to all the advisories in mozilla?

Posted

Mozilla Foundation Security Advisories (http://www.mozilla.org/security/announce/),

when accessed provides information on many of the advisories, but for some it displays an error that you are not authorized to open. 

I tried to open bug #790879 & it showed following error:- (https://bugzilla.mozilla.org/show_bug.cgi?id=790879). Can anybody please tell me what needs to be done to get complete access of the advisories.

Additional System Details

Installed Plug-ins

  • Shockwave Flash 11.4 r402
  • Shockwave Flash 11.3 r300
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.
  • DRM Netscape Network Object
  • DRM Store Netscape Plugin
  • Npdsplay dll
  • Office Plugin for Netscape Navigator
  • Adobe Acrobat Plug-In Version 7.00 for Netscape

Application

  • User Agent: Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko/20100101 Firefox/11.0

More Information

philipp
  • Top 10 Contributor
  • Moderator
2050 solutions 8916 answers

Helpful Reply

hello gauravmunje, bugzilla entries that are marked as security-sensitive are not accessible to the public, but generally speaking only for the security team at mozilla & the reporter of such vulnerabilities - for more information about this policy see www.mozilla.org/projects/security/security-bugs-policy.html

Question owner

Hey, thanks a ton for the immediate reply.

One more query though:

Can anybody access those security sensitive entries, post public disclosure?

philipp
  • Top 10 Contributor
  • Moderator
2050 solutions 8916 answers

Helpful Reply

i myself am no mozilla staff but just a contributing volunteer, so i cannot tell you for sure how it works in practise (the policy document is now nearly a decade old). however according to the document most bugs should get disclosed after a unspecified amount of time after they got fixed and then they are just readable like any other normal bug report at bugzilla.mozilla.org.

in case you have a legitimate interest in reviewing a certain inaccessible bug-report (& have an account on bugzilla.mozilla.org) you could also try to write an email to the security@XXX mail address & explain the situation - maybe they can/will add you to the list of people who are authorized to view the details.