Mozilla - HackerOne Reports
Total Reports: 70
Critical: 7
High: 5
Medium: 35
Low: 18
Subdomain takeover on one of the subdomain under mozaws.net
Reported by: proabiral | Disclosed:
Severity: Medium
Weakness: Improper Resource Shutdown or Release
Internal Blind Server-Side Request Forgery (SSRF) allows scanning internal ports
Reported by: harshdranjan | Disclosed:
Weakness: Server-Side Request Forgery (SSRF)
Subdomain takeover on one of the subdomain under mozgcp.net
Reported by: d0xing | Disclosed:
Severity: Medium
Weakness: Misconfiguration
Bypass Email verification for monitoring at `monitor.mozilla.org`
Reported by: 0d_amrr | Disclosed:
Severity: Medium
Weakness: Business Logic Errors
Mozilla VPN Clients: RCE via file write and path traversal
Reported by: trein | Disclosed:
Severity: High
Weakness: Path Traversal
Bounty: $6000.00
Security bug https://bugzilla.mozilla.org/oauth/authorize - CRLF Header injection via "redirect_uri" parameter
Reported by: oja | Disclosed:
Severity: Low
Weakness: CRLF Injection
Bounty: $200.00
paypal client_id And stripe api key indexed on web archive
Reported by: ghaazy | Disclosed:
Weakness: Information Disclosure
Subdomain takeover on one of the subdomain under mozilla.org
Reported by: d0xing | Disclosed:
Severity: Medium
Weakness: Misconfiguration
Subdomain takeover on one of the subdomains under mozaws.net
Reported by: d0xing | Disclosed:
Severity: Medium
Weakness: Misconfiguration
MozillaVPN: Elevation of Privilege via a Logic Vulnerability
Reported by: northsea | Disclosed:
Severity: Medium
Weakness: Improper Link Resolution Before File Access ('Link Following')
Subdomain takeover on one of the subdomain under mozaws.net
Reported by: holybugx | Disclosed:
Severity: Medium
Weakness: Misconfiguration
After the upload of an private file, using transformations, the file becomes public without the possibility of changing it.
Reported by: limusec | Disclosed:
Severity: Medium
Weakness: Improper Access Control - Generic
Bounty: $1000.00
RCE on worker host due to unsanitized "env" variable name in task definition on community-tc.services.mozilla.com
Reported by: ebrietas | Disclosed:
Severity: Low
Weakness: Code Injection
Bounty: $500.00
CSRF to Information disclosure on password reset
Reported by: hackeriron1 | Disclosed:
Severity: Low
Weakness: Cross-Site Request Forgery (CSRF)
IDOR on Delete Email address features
Reported by: ryujinx | Disclosed:
Severity: High
Weakness: Insecure Direct Object Reference (IDOR)
IDOR - send a message on behalf of other user
Reported by: lamscun | Disclosed:
Severity: Medium
Weakness: Insecure Direct Object Reference (IDOR)
Flickr API key leaked in GitHub commit
Reported by: m4y4nk | Disclosed:
Severity: Low
Weakness: Information Disclosure
Missing Function Level Access Control in Mozilla formula contains Regular Expression Denial of Service (CVE-2023-25166)
Reported by: hackeronanywhere | Disclosed:
Severity: Medium
Weakness: Uncontrolled Resource Consumption
Mozilla FuzzManager API Token Exposed in Git Commit
Reported by: yakirka | Disclosed:
Severity: Critical
Weakness: Cleartext Storage of Sensitive Information
Subdomain takeover on one of the subdomain under mozgcp.net
Reported by: d0xing | Disclosed:
Severity: Medium
Weakness: Misconfiguration