cannot see bugs' detail on Bugzilla with bug-ID# listed in release notes
I have a Firefox account, I have a Bugzilla account (not used for a long time but was able to log-in back!). I try to understand the detail of some security bugs listed in the Firefox release notes by following the link (to bugzilla.mozilla.org) at the bug ID#... but I always get the reply from that site that I am not logged in with the "appropriate permissions". Actually, when I look at my Bugzilla profile (I am indeed logged in), I can't see any permission for that account. Who defines the permissions? When? What/who could change them? On what basis? Where/whom is the request to be sent to if any? Thanks in advance for the help.
All Replies (3)
There are some bugs that are locked down to mainly Mozilla staff as the contents of the bug are not be made available at the present time. This is typically (though not always) for security related bugs where there may be information in the bug report that would allow an attacker to compromise Firefox before a fix had been implemented.
The You are not authorized to access bug #. To see this bug, you must first log in to an account with the appropriate permissions. means regular Bugzilla accounts usually do not have any group permissions to see Bugs that are marked with specific group parameters like say for security reason and such. https://www.bugzilla.org/docs/4.4/en/html/groups.html
I think those with a regular Bugzilla account that is the reporter may still get access to that bug in viewing, not sure though.
There has been cases where the Bug is locked and only those with appropriate group permissions can continue to comment in and or edit the bug for example also. I have seen this occur when a bug gets spammed by Buzilla etiquette violations for example.
btw Firefox Accounts has been called Mozilla Accounts since early November 2023 to reflect that it is no longer just used with Firefox web browser and Firefox Sync as you can see in https://support.mozilla.org/en-US/kb/access-mozilla-services-firefox-account
Ok, I understand some bugs may be staff-restricted (or contained to other groups). According to me, it is nevertheless a major issue that this group-restriction does not show up as a "group-restricted" mention in the page where we land for trying to see the bug details. Anyway, the two bugs I was trying to see are listed in the _Fixed_ security bugs list of the latest Firefox revisions (#133 and ¸&134). Hence, I can't see the explanation holding much regarding concerns on "possible attack while not fixed". I am waiting for a better explanation. Issue not solved...