Security/Fileabug: Difference between revisions
Ptheriault (talk | contribs) No edit summary |
Ptheriault (talk | contribs) |
||
| Line 3: | Line 3: | ||
Mozilla relies on the security community to help secure our products and websites by reporting security issues. This page provides information on how to use Bugzilla to submit a security issue. | Mozilla relies on the security community to help secure our products and websites by reporting security issues. This page provides information on how to use Bugzilla to submit a security issue. | ||
==== A note on bug bounties ==== | |||
If you want to report a website bug to be considered for the [https://www.mozilla.org/en-US/security/web-bug-bounty/ Web Bounty Program], please use [https://bugzilla.mozilla.org/form.web.bounty this form] instead of the instructions below.<br/> For all other bugs, including bounty submissions for the [https://www.mozilla.org/en-US/security/client-bug-bounty/ Client Bounty Program] should use the steps below. | |||
=== Steps to file a bug === | |||
1. Make sure you have a Bugzilla account. You can create a new account [https://bugzilla.mozilla.org/createaccount.cgi here].<br /> | |||
2. Create a new bug on bugzilla.mozilla.org <br /> | |||
3. Select the affected product <br /> | |||
[[File:Productchoice.png|400px|frameless|none]]<br /> | |||
4. Select the affected component (best guess is OK - we will re-assign as need be)<br /> | |||
[[File:Componentchoice.png|400px|frameless|none]]<br /> | |||
5. Add a bug summary <br /> | |||
6. Add a bug description<br /> | |||
7. Add as much information as possible: <br /> | |||
* a "proof of concept" testcase | |||
* point out vulnerable code (use [https://dxr.mozilla.org/mozilla-central/source/ DXR] or [http://searchfox.org/ searchfox] to link to code directly) | |||
* attach debug output or output from a tool demonstrating the issue. <br /> | |||
8. '''IMPORTANT: mark the bug as a "security" bug to keep it confidential'''<br /> | |||
9. Double check your entry then Submit the bug. <br /> | |||
Note: bug description and comments can NOT be edited (for transparency & integrity purposes) so double check what you write! | |||
Tips: | |||
* Provide steps to | |||
Revision as of 08:39, 25 July 2016
Filing A Security Bug
Mozilla relies on the security community to help secure our products and websites by reporting security issues. This page provides information on how to use Bugzilla to submit a security issue.
A note on bug bounties
If you want to report a website bug to be considered for the Web Bounty Program, please use this form instead of the instructions below.
For all other bugs, including bounty submissions for the Client Bounty Program should use the steps below.
Steps to file a bug
1. Make sure you have a Bugzilla account. You can create a new account here.
2. Create a new bug on bugzilla.mozilla.org
3. Select the affected product
4. Select the affected component (best guess is OK - we will re-assign as need be)
5. Add a bug summary
6. Add a bug description
7. Add as much information as possible:
- a "proof of concept" testcase
- point out vulnerable code (use DXR or searchfox to link to code directly)
- attach debug output or output from a tool demonstrating the issue.
8. IMPORTANT: mark the bug as a "security" bug to keep it confidential
9. Double check your entry then Submit the bug.
Note: bug description and comments can NOT be edited (for transparency & integrity purposes) so double check what you write!
Tips:
- Provide steps to