This is old stuff, which I should have posted before, discovered on Mozilla websites several weeks ago:
- bugzilla.mozilla.org: CSRF (saved searches).
- creative.mozilla.org: CSRF (user profile).
- developer.mozilla.org: Plain text password disclosure.
I will provide some details about them.
1. CSRF (saved searches) in bugzilla.mozilla.org
PoC: http://pastebin.com/63H2YtMd
Sec-Severity: Low/Medium
Description: Saved searches in the Bugzilla user panel are not protected against CSRF attacks, which could be used to add bullshit.
This vulnerability affects Bugzilla (the Mozilla Foundation's bug tracking system) <= 3.2.9, 3.4.9, 3.6.3, and 4.0rc1
Reference: http://www.bugzilla.org/security/3.2.9/
Screenshot:
2. CSRF (user profile) in creative.mozilla.org
PoC: http://pastebin.com/0r1MyvVv
Sec-Severity: Critical
CVE: N/A
Description: User profile could be changed using a CSRF attack.
Screenshot:
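Both CSRF findings above come down to a state-changing request that the server accepts on the session cookie alone. The following is an added example, not code from the original post or from Bugzilla: a per-session, per-action HMAC token check in front of a hypothetical save_search handler. The key, the handler name and the form field names are assumptions.

```python
import hashlib
import hmac
import time

# Constructed demo values; a real deployment loads the key from secret storage.
SERVER_KEY = b"constructed-demo-key"
TOKEN_TTL = 3600  # seconds a token stays valid


def _mac(session_id, action, ts):
    msg = f"{session_id}|{action}|{ts}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id, action, now=None):
    """Return 'timestamp:mac', bound to one session and one action."""
    ts = str(int(time.time() if now is None else now))
    return f"{ts}:{_mac(session_id, action, ts)}"


def check_token(token, session_id, action, now=None):
    """True only for an unexpired token issued to this session for this action."""
    try:
        ts, mac = token.split(":", 1)
        issued = int(ts)
    except (AttributeError, ValueError):
        return False  # token missing or malformed
    now = time.time() if now is None else now
    if not 0 <= now - issued <= TOKEN_TTL:
        return False  # expired, or timestamp from the future
    expected = _mac(session_id, action, ts)
    # Constant-time comparison on bytes, so odd input cannot raise or leak timing.
    return hmac.compare_digest(mac.encode(), expected.encode())


def save_search(session_id, form, store):
    """Hypothetical handler: store the search only if the form carries a valid token."""
    if not check_token(form.get("token"), session_id, "save_search"):
        return 403  # a cross-site form cannot know this session's token
    store.setdefault(session_id, []).append(form["name"])
    return 200
```

The token is embedded in the legitimate form as a hidden field; a page on another origin can make the browser send the cookie but cannot read or compute the token.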
3. Plain text password disclosure in developer.mozilla.org
PoC: Register at developer.mozilla.org, then come back and check your mail. The site sent your password in plain text.
Sec-Severity: High
CVE: N/A
Description: MDC sent your password in plain text.
Screenshot:
And yep, my MDC password contains an "e".
On the other hand, the Mozilla security team solved these issues quickly.
That's all. Be safe ;)