Skip to content

Security: FirestormViewer/phoenix-firestorm

SECURITY.md

Reporting security issues

In the event that you come across a security vulnerability, exploit, or other sensitive issue regarding the viewer, it is important that this guide is followed carefully.

What is considered a security issues?

Any bug that can, but not limited to:

  1. Bypass asset permission restrictions
  2. Expose private data of other residents (Passwords, emails, etc)
  3. Allow access to other residents' accounts without their explicit permission
  4. Allow remote code execution on another resident's computer

What to do when you discover a security issue?

It is IMPORTANT to not disclose this in-world, or to share it with anyone outside of The Firestorm Team or the grid owner.

If the issue is related to Second Life or any other grid, and not the Firestorm viewer, please report the issue to the grid operator. For instance, in case of Second Life contact Linden Lab by following their security issues guide.

The Firestorm Team CANNOT assist with Second Life or any other grid related security issues, other than to point you in the right direction.

If you do not have a account on the Firestorm Jira, please create one before proceeding. If you need assistance creating one, please follow this guide on how to create one, or contact support in-world.

Please file your report as a support request! This way the report stays private and is seen by our team as soon as possible. We will move the issue to the bug tracker with private status, or to our internal project as needed so that it remains private.

You can create a support ticket here.

Thank you for helping keep The Firestorm Viewer safe and secure!

If you believe that your account has become compromised due to a security issue

Please change your password IMMEDIATELY and contact support of the grid your account has been compromised on.

There aren’t any published security advisories