On Tue, May 13, 2025 at 8:34 AM 'Nick Alexander' via dev-platform@mozilla.org <dev-platform@mozilla.org> wrote:
> I am not so familiar with our sec process details. When the advisory is
> published, is the information needed to write the description publicly
> available? I.e., is the "reference to the bug on bugzilla" -- a link to
> the bug, I assume -- open so that a motivated individual could plausibly
> produce the description themselves?

The bugzilla link is there to tie the public CVE identifier with the bugzilla ID known and used by the folks who work on Firefox. It's not required, but it's useful in an open source project. Chrome also links to their internal bug numbers when they publish CVE information (the bugs remain hidden for a while like ours). Apple doesn't give any kind of internal reference for Safari vulnerabilities, not even the ones filed in their bugzilla for webkit.

In case it's useful for comparison, here are links to some recent browser advisories:

Security vulnerabilities fixed in Firefox 138
<https://www.mozilla.org/en-US/security/advisories/mfsa2025-28/>

Stable channel update for Chrome 136
<https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_29.html>

About the security content of Safari 18.5
<https://support.apple.com/en-us/122719>