Mozilla denies HawkAuth bypass in the open source repo they maintain, refusal to issue a CVE for severity reasons (that's an oxymoron), while deprecating it from their backend account and payment services (FXA), fixing private reported vulnerabilities, and acknowledged the issue as a Hall of Fame bug bounty submission.
But yet deny a CVE and refused a patch PR submission denying the issue..
1 comment
[ 3.0 ms ] story [ 9.8 ms ] thread