canmove, Confirmed users
1,220
edits
Security/Fileabug: Difference between revisions
→Filing A Security Bug
Ptheriault (talk | contribs) No edit summary |
Ptheriault (talk | contribs) |
||
| Line 3: | Line 3: | ||
Mozilla relies on the security community to help secure our products and websites by reporting security issues. This page provides information on how to use Bugzilla to submit a security issue. | Mozilla relies on the security community to help secure our products and websites by reporting security issues. This page provides information on how to use Bugzilla to submit a security issue. | ||
==== A note on bug bounties ==== | |||
If you want to report a website bug to be considered for the [https://www.mozilla.org/en-US/security/web-bug-bounty/ Web Bounty Program], please use [https://bugzilla.mozilla.org/form.web.bounty this form] instead of the instructions below.<br/> For all other bugs, including bounty submissions for the [https://www.mozilla.org/en-US/security/client-bug-bounty/ Client Bounty Program] should use the steps below. | |||
=== Steps to file a bug === | |||
1. Make sure you have a Bugzilla account. You can create a new account [https://bugzilla.mozilla.org/createaccount.cgi here].<br /> | |||
2. Create a new bug on bugzilla.mozilla.org <br /> | |||
3. Select the affected product <br /> | |||
[[File:Productchoice.png|400px|frameless|none]]<br /> | |||
4. Select the affected component (best guess is OK - we will re-assign as need be)<br /> | |||
[[File:Componentchoice.png|400px|frameless|none]]<br /> | |||
5. Add a bug summary <br /> | |||
6. Add a bug description<br /> | |||
7. Add as much information as possible: <br /> | |||
* a "proof of concept" testcase | |||
* point out vulnerable code (use [https://dxr.mozilla.org/mozilla-central/source/ DXR] or [http://searchfox.org/ searchfox] to link to code directly) | |||
* attach debug output or output from a tool demonstrating the issue. <br /> | |||
8. '''IMPORTANT: mark the bug as a "security" bug to keep it confidential'''<br /> | |||
9. Double check your entry then Submit the bug. <br /> | |||
Note: bug description and comments can NOT be edited (for transparency & integrity purposes) so double check what you write! | |||
Tips: | |||
* Provide steps to | |||