Hi,

It's a security vulnerability, so you can't view the bug right now. Only a limited number of people, including some Mozilla staff members and the reporter, have access.

Am I to understand that everyone should be able to read Bug 2014390 and others, but do to an issue none other than the ones you mentioned can read the details of the bug?

No, I mean that the bug itself is a security vulnerability, and information in it may contain clues on how to abuse it (remember that there are still Firefox users on earlier versions). So it can't be made public now.

If I go to https://bugzilla.mozilla.org/show_bug.cgi?id=2014390&GoAheadAndLogIn=1

I only have to create a bugzilla account to view the item ? There is no restriction?

No, regular Bugzilla accounts (including mine, for example) can't access it.

I only have to create a bugzilla account to view the item ? There is no restriction?

The general issues tracker Bugzilla software (one of mozilla.org first products in 1998) uses a robust group system to control user access, restricting who can view or edit specific bugs and products.

I would say the majority of bugzilla.mozilla.org accounts have only basic access in what they can view and do to a bug. https://www.bugzilla.org/about/features.html https://bugzilla.readthedocs.io/en/5.2/administering/parameters.html#group-security

As said only the bug reporter and accounts who have been placed in a specific group(s) have access permissions in viewing that #2014390 bug currently. Though by default, bugs can also be seen by the Assignee, the Reporter, and everyone on the CC List, regardless of whether or not the bug would typically be viewable by them.

Many of these security vulnerability bugs may be made public access later on as you can see if you look at the advisories for older Firefox versions. https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/

OK. thanks.