There are some very old (> 2 years) security bugs in Bugzilla that have been publicly accessible for over a year, but their proofs of concept (exploit testcases) are still not publicly accessible.
I assume this is an oversight, because the testcases were added as attachments to individual comments. How would I go about rectifying this situation? I could provide someone in authority with a list of such bugs. Or am I just misunderstanding?

Here are some examples:

1. Mozilla Foundation Security Advisory 2006-05
   https://bugzilla.mozilla.org/show_bug.cgi?id=319847
   Reported December 2005, security tag removed April 2007
   Exploit test cases as attachments in comments #1,2,6,9,15

2. Mozilla Foundation Security Advisory 2006-24
   https://bugzilla.mozilla.org/show_bug.cgi?id=327126
   Reported February 2006, security tag removed April 2007
   Exploit testcases as attachments in comments #1,24

By the way, I am a graduate student doing security research, and I find the proofs of concept very useful in understanding the nature of the vulnerabilities.

_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
