I \/ w4rri0r \/ have found Injection Attack - HTTP Parameter Tampering Vulnerability in one of the mozilla.org sub-domain i.e bugzilla.mozilla.org
Vulnerability Description -
The Web / HTTP Parameter Tampering attack is based on the manipulation of parameters exchanged between client and server in order to modify application data, such as user credentials and permissions, price and quantity of products, etc. Usually, this information is stored in cookies, hidden form fields, or URL Query Strings, and is used to increase application functionality and control.
The attack success depends on integrity and logic validation mechanism errors, and its exploitation can result in other consequences including XSS, SQL Injection, file inclusion, and path disclosure attacks.
For more information - https://www.owasp.org/index.php/Web_Parameter_Tampering
PoC URL -
From the above PoC URL, Malicious user modifying elements in the URL sent to a Web site in order to obtain unauthorized information. By modifying the arguments (parameters) in the query, the malicious user can navigate the trusted users and retrieve and/or modify its contents. [Enclosed Screen Shot].
Prevent to parameters / arguments with on the URL.
Proper error and customized 404 error page page should be come.