Found a possible security concern
Hey there!
I belong to an open source security research community, and a member (@leommjr) has found an issue, but doesn't know the best way to disclose it.
If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.
Thank you for your consideration, and I look forward to hearing from you!
(cc @huntr-helper)
@zidingz Thanks for raising this issue. I will discuss adding a SECURITY.md like this one internally, and hope to address this soon.
~~@Leommjr For the time being, and provided that the security issue you found is still valid, could you please email [email protected] with the details? That would be great.~~
Sorry again for taking so long to respond!
@caugner - thanks for your response and no apologies needed!
If it is any easier for you, you can view the report directly here: https://huntr.dev/bounties/95e0023a-136c-4207-8d20-943371fee269/
It is private and only accessible to maintainers with repository write permissions.
After raising this issue today, I can share that there is an ongoing effort of joining the Mozilla Security Bug Bounty Program, but I don't have any more details at this point in time.
Hello @caugner sorry for the delay. Any updates on this issue?
@Leommjr Thank you for your patience!
Could you please file a bug here on Bugzilla and add :fiji to the needinfo field?
@caugner https://bugzilla.mozilla.org/show_bug.cgi?id=1801528 let me know if I opened the issue correctly