Mozilla denies HawkAuth bypass but still fix and deprecate it(langton.cloud)
langton.cloud
Mozilla denies HawkAuth bypass but still fix and deprecate it
https://www.langton.cloud/hawkauth-bypass/
1 comments
Mozilla denies HawkAuth bypass in the open source repo they maintain, refusal to issue a CVE for severity reasons (that's an oxymoron), while deprecating it from their backend account and payment services (FXA), fixing private reported vulnerabilities, and acknowledged the issue as a Hall of Fame bug bounty submission.
But yet deny a CVE and refused a patch PR submission denying the issue..