SECURITY.md

This policy applies to MDN's website (developer.mozilla.org), backend services, and GitHub repositories in themdn organization. Issues affecting other Mozilla products or services should be reported through theMozilla Security Bug Bounty Program.

For non-security issues, please file acontent bug, awebsite bug or acontent/feature suggestion.

If you discover a potential security issue, please report it privately viahttps://hackerone.com/mozilla.

If you prefer not to use HackerOne, you can report it viahttps://bugzilla.mozilla.org/form.web.bounty.

Vulnerabilities in MDN may qualify for Mozilla's Bug Bounty Program. Eligibility and reward amounts are described onhttps://hackerone.com/mozilla.

Please use the above channels even if you are not interested in a bounty reward.

Please do not publicly disclose details until Mozilla's security team and the MDN engineering team have verified and fixed the issue.

We appreciate your efforts to keep MDN and its users safe.

There aren’t any published security advisories