Security/Fileabug

From MozillaWiki

Filing A Security Bug

Mozilla relies on the security community to help secure our products and websites by reporting security issues. This page provides information on how to use Bugzilla to submit a security issue.

Reporting a security bug

The easiest way to report a security bug (and for it to be automatically considered for a bounty) is to follow the process outlined below:

NB: even if you don't want a bounty, it helps us triage, so use the forms above and just indicate in the bug that you don't want it considered for a bounty.

Steps to file a bug

If you can't use the process above, or you are simply unsure, you can also follow the manual process below:

1. Make sure you have a Bugzilla account. You can create a new account here.
2. Create a new bug on bugzilla.mozilla.org
3. Select the affected product:

[Screenshot: Productchoice.png]

4. Select the affected component (a best guess is OK; we will reassign it as needed):

[Screenshot: Componentchoice.png]

5. Add a bug summary
6. Add a bug description
7. Add as much information as possible:

  • a "proof of concept" testcase
  • a pointer to the vulnerable code (use DXR or searchfox to link to the code directly)
  • debug output, or output from a tool demonstrating the issue, as an attachment

8. IMPORTANT: mark the bug as a "security" bug to keep it confidential:

[Screenshot: Securitybug.png]

9. Double-check your entry, then submit the bug.

Note: the bug description and comments can NOT be edited (for transparency and integrity purposes), so double-check what you write!

Tips: