how to get access to all the advisories in mozilla?
Mozilla Foundation Security Advisories (http://www.mozilla.org/security/announce/),
when accessed provides information on many of the advisories, but for some it displays an error that you are not authorized to open.
I tried to open bug #790879 & it showed following error:- (https://bugzilla.mozilla.org/show_bug.cgi?id=790879). Can anybody please tell me what needs to be done to get complete access of the advisories.
Additional System Details
- Shockwave Flash 11.4 r402
- Shockwave Flash 11.3 r300
- NPRuntime Script Plug-in Library for Java(TM) Deploy
- The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.
- DRM Netscape Network Object
- DRM Store Netscape Plugin
- Npdsplay dll
- Office Plugin for Netscape Navigator
- Adobe Acrobat Plug-In Version 7.00 for Netscape
- User Agent: Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko/20100101 Firefox/11.0
hello gauravmunje, bugzilla entries that are marked as security-sensitive are not accessible to the public, but generally speaking only for the security team at mozilla & the reporter of such vulnerabilities - for more information about this policy see www.mozilla.org/projects/security/security-bugs-policy.html
Hey, thanks a ton for the immediate reply.
One more query though:
Can anybody access those security sensitive entries, post public disclosure?
i myself am no mozilla staff but just a contributing volunteer, so i cannot tell you for sure how it works in practise (the policy document is now nearly a decade old). however according to the document most bugs should get disclosed after a unspecified amount of time after they got fixed and then they are just readable like any other normal bug report at bugzilla.mozilla.org.
in case you have a legitimate interest in reviewing a certain inaccessible bug-report (& have an account on bugzilla.mozilla.org) you could also try to write an email to the security@XXX mail address & explain the situation - maybe they can/will add you to the list of people who are authorized to view the details.