Mozilla - HackerOne Reports
Total Reports: 70
Critical: 7
High: 5
Medium: 35
Low: 18
Subdomain takeover on one of the subdomain under mozaws.net
Reported by: holybugx | Disclosed:
Severity: Medium
Weakness: Misconfiguration
User API Key leakage in Github commit leads to unauthorized access to sql.telemetry.mozilla.org
Reported by: anhchangmutrang | Disclosed:
Severity: High
Weakness: Information Disclosure
Denial of Access to Static Resources via Cache Poisoning on addons.allizom.org
Reported by: jabiyev | Disclosed:
Severity: Low
Weakness: Cache Poisoning
Subdomain takeover on a subdomain under firefox.com
Reported by: martinvw | Disclosed:
Severity: Medium
Weakness: Misconfiguration
Bounty: $500.00
If rate limit is hit, IP address is leaked to anyone who tries to login
Reported by: anish-kosaraju | Disclosed:
Severity: Low
Weakness: Information Disclosure
DOS via cache poisoning on [developer.mozilla.org]
Reported by: zhero_ | Disclosed:
Severity: Low
Weakness: Cache Poisoning
Subdomain takeover on one of the subdomain under mozgcp.net
Reported by: mikey96 | Disclosed:
Severity: Medium
Weakness: Privilege Escalation
Subdomain takeover on one of the subdomains under mozaws.net
Reported by: d0xing | Disclosed:
Severity: Medium
Weakness: Misconfiguration
Mozilla Mastodon Staging Instance Admin API Key Disclosure Through Slack
Reported by: griffinf | Disclosed:
Severity: High
Weakness: Insecure Storage of Sensitive Information
Bounty: $1000.00
Subdomain takeover on one of the subdomain under mozaws.net
Reported by: holybugx | Disclosed:
Severity: Medium
Weakness: Misconfiguration
two aws access key and secret key and database username and password exposed
Reported by: ghaazy | Disclosed:
Severity: Critical
Weakness: Information Disclosure
sentry Auth Token exposed publicly in docker hub image
Reported by: ghaazy | Disclosed:
Weakness: Information Disclosure
Account deletion using the /v1/account/destroy API endpoint using account password without 2FA verification
Reported by: erdy | Disclosed:
Severity: Medium
Weakness: Improper Authentication - Generic
Bounty: $1000.00
[ addons-preview-cdn.mozilla.net ] A subdomain takeover is available via unregistered domain in Fastly
Reported by: haveaniceday | Disclosed:
Severity: Medium
Weakness: Misconfiguration
Bounty: $500.00
Bypass Email Verification on Add Email Monitoring
Reported by: dotxml | Disclosed:
Severity: Medium
Weakness: Information Disclosure
Mozilla Employee's Token for sql.telemetry.mozilla.org Exposed in Git Commit
Reported by: yakirka | Disclosed:
Severity: Critical
Weakness: Cleartext Storage of Sensitive Information
Subdomain takeover on one of the subdomain under mozaws.net
Reported by: d0xing | Disclosed:
Severity: Medium
Weakness: Misconfiguration
Response Manipulation to enable Account recovery key with out current password
Reported by: saiteja12313234 | Disclosed:
Weakness: Improper Access Control - Generic
Jira Credential Disclosure within Mozilla Slack
Reported by: griffinf | Disclosed:
Severity: Critical
Weakness: Information Disclosure
Bounty: $1000.00
Insecure S3 Bucket Exposing Git Directory in Mozilla Foundation Infographics Project
Reported by: psycho_012 | Disclosed:
Severity: Low
Weakness: Improper Access Control - Generic