IDOR on Delete Email address features
High
M
Mozilla
Submitted None
Team Summary
Official summary from Mozilla
An Insecure direct object reference vulnerability was found in Mozilla Monitor which allowed any user to delete secondary email addresses in other users' accounts, using the email address ID. The vulnerability was fixed by ensuring that the delete operation is properly scoped to a particular user.
Actions:
Reported by
ryujinx
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Insecure Direct Object Reference (IDOR)