What to do and what not to do in Bugzilla

This document covers the use of Bugzilla privileges to triage bugs. It explains what should and what should not be done in bugzilla.mozilla.org.

Getting/Upgrading Bugzilla privileges

If you want to get Bugzilla privileges (as described below), please see this page. It lists the requirements and the email to contact.

If you need faster access to get canconfirm or editbugs, especially in order to triage bugs or to participate in a bug day, then you can ask in #bmo on irc, or you may create a bug requesting permissions.  Include a link to your Bugzilla activity page in the bug description. Before you have canconfirm, you can still do good triaging by leaving comments with useful information on the bug that will help to confirm it. The same is true for editbugs: leave comments with the information you'd like to be able to edit into the bug, and that will help you get the editbugs permissions quickly. 

Canconfirm privilege

The canconfirm privilege allows you to confirm bugs and also to start your bug reports in the confirmed state (NEW). It also governs which bug entry form you are presented with first (either the guided or advanced forms).

Confirming unconfirmed bugs

Reporting new bugs

You should report a bug in the NEW state after going through the triaging process as described in the two above-mentioned guides.

You should look at all the open bugs you've reported (see the "My Bugs" link at the bottom of every Bugzilla page) at least every two months and test whether they still exist.

Editbugs privilege

The more powerful editbugs privilege gives you the privileges of canconfirm and also the ability to edit most aspects of a bug. Therefore, don't abuse your privileges.

Resolving bugs

Some general rules:

  • When you resolve a bug, CC yourself so that you are informed when new facts come up.
  • The conditions for not resolving a bug always overrule the conditions for resolving a bug.
  • When in doubt about resolving a bug, leave it alone!

Resolving bugs as DUPLICATE

See this guide for screening DUPLICATE bugs. In general newer bugs should be marked as DUPLICATEs of older bugs, except when the newer bug contains more information (bug description clearer, patch already attached, lots of people already CC'ed, etc.).

Resolving bugs as WORKSFORME

You can resolve a bug as WORKSFORME (WFM) if it can't be reproduced on the reported hardware/OS.

You should not resolve a bug as WFM if:

  • the bug reporter uses a different hardware/operating system (e.g. bug appears on Linux and you can't reproduce it on Windows).
  • the bug has been reproduced by some people but can't be reproduced by other people.

In general you can resolve a bug as WFM if:

  • three or more people with a similar/the same setup can't reproduce the bug and the bug is only seen by the bug reporter. In this case you shouldn't just mark it WFM instantly, but ask the reporter for more details first. When marking it WFM you should tell the bug reporter that they should reopen the bug if they can still see it with a recent build.
  • the build the bug is reported against is more than one stable release old and the bug can't be reproduced with a current build.
  • the bug reporter has not responded to questions for one month and the bug can't be reproduced with a current build.
  • the bug reporter reports that they can no longer see the bug and no other people report that they are still seeing the bug.

Resolving bugs as INCOMPLETE

The problem is vaguely described with no steps to reproduce, or is a support request. The reporter should be directed to the product's support page for help diagnosing the issue. If there are only a few comments in the bug, it may be reopened only if the original reporter provides more info, or confirms someone else's steps to reproduce. If the bug is long, when enough info is provided a new bug should be filed and the original bug marked as a duplicate of it.

Resolving bugs as INVALID

You should resolve a bug as INVALID if the issue described in the bug is clearly not a Mozilla bug or if the issue is intended behavior. The exceptions are bugs in other software which we have to work around and bugs that involve certain core Gecko modules. Bugs covered by this exception should not be INVALIDated by anyone other than the module owner or module peer; for bugs involving modules like Layout or Content, attach a test case to the bug and then CC one of the owners or peers. Reports of problems with specific websites that result from bad coding practices already determined to be “tech evangelism” cases by the module owner or peer, or problems that result from the use of proprietary technology, should be be moved to the Tech Evangelism product rather than being resolved as INVALID.

Resolving bugs as FIXED

Resolve a bug as FIXED if the bug has been fixed by a checkin into the Mozilla Mercurial code repository. Bugs which can no longer be reproduced should be marked WORKSFORME instead of FIXED if they can't be linked to a single checkin.

Resolving bugs as WONTFIX

Bugs should not be marked WONTFIX by the normal bug triager. The decision to mark a bug WONTFIX is reserved for module owners or module peers.

Verifying bugs

Only RESOLVED bugs can be verified. To verify a bug, you will need to be the bug reporter, assignee, qa_contact, or in the 'editbugs' permission group. You should verify a bug if it has been proven that the resolution of the bug was correct. When verifying a bug, you should remember the following:

  • Verifying DUPLICATEs is the easiest task, so start with that. Note that in general it's impossible to verify a DUPLICATE until the original has been resolved.
  • Verifying WONTFIX or INVALID bugs is relatively easy if a developer or a trusted QA person has WONTFIXed or INVALIDated them. Bugs that were INVALIDated or WONTFIXed by someone else must be verified by a module owner or module peer or someone who has been explicitly told by a module owner or module peer that they are able to do so for that module.
  • Before verifying FIXED bugs, make sure that you can verify them on every hardware/OS they were reported on. If that's impossible, try to cooperate with multiple people to verify the bug.
  • There are no clear rules for verifying WORKSFORME. In general you should make sure that the bug has been resolved for a few months and no complaints about the resolution have come up.

Note: Because of how duplicate detection works in Bugzilla, you should try not to verify bugs immediately after they're marked fixed; instead, let a little time pass first. This isn't mandatory, but can help prevent accidental filing of duplicates of a bug that's already been fixed.

Changing the bug information fields


You should change the summary if the current one is unclear or does not correctly describe the issue covered by the bug. You should not change the summary in order to morph the bug to describe a different issue. In this case the bug should be resolved and another bug should be opened.


Make sure that the OS or Hardware fields correctly display the systems that are affected. If a bug is Windows-only, change the field to the oldest affected operating system. If the bug is present on Linux and Windows, change the fields to Hardware = PC and OS = ALL. If another hardware platform like Mac or DEC is also affected, change Hardware to ALL.


This field describes the impact of a bug.

blocker Blocks development and/or testing work
critical crashes, loss of data, severe memory leak
major major loss of function
normal regular issue, some loss of functionality under specific circumstances
minor minor loss of function, or other problem where easy workaround is present
trivial cosmetic problem like misspelled words or misaligned text
enhancement Request for enhancement

The blocker severity should be used very seldomly, because only a fraction of the hundreds of thousands bugs really block the development of mozilla and these are normally fixed very quickly. As a result, bugs which are UNCONFIRMED for more than a few days do not qualify for the blocker severity. The exceptions to this rule are platform-specific or compiler-specific bugs. Basically, anything that prevents builds from building, running, or being used for dogfood (able to use Bugzilla, Tinderbox, LXR, etc.) is a blocker.

Bug reports about crashes, hangs, data-loss, or severe security exploits (e.g. remote execution of arbitrary code) get the critical severity.

Priority/Target Milestone

As stated in the Bugzilla Etiquette, you must not change the Target Milestone and Priority fields. These fields are reserved for the developers. This also applies to bugs with Target Milestones in the past.

Reassigning bugs

If a bug belongs to a different Product or Component it should be reassigned. When performing bug reassignments, keep the following things in mind:

  • Always remember to check the Reassign to default owner and QA Contact radio button under the comment textbox.
  • Mozilla applications like the Application Suite, Thunderbird, or Firefox share most of their program code and all of the backend code including things like network connectivity (FTP, HTTP, IMAP) and HTML rendering. Make sure that you also test Thunderbird or Firefox bugs with the Application Suite and move the bug to one of the core products, if the bug also exists in the Application Suite.
  • If you don't know where a bug belongs, don't touch it! For example, don't move bugs into the JS engine Component unless you really know they are JS engine bugs, and don't leave bugs in the JS engine Component if you know that the malfunction being described is a DOM problem.

Bug flags

Mozilla drivers use flags to identify bugs blocking a release. You may only use the blocking? flag to nominate bugs for blocking status. The use of the blocking- flag and the blocking+ flag is prohibited. Continued abuse will result in revocation of your Bugzilla privileges.

Mass changes

Mass changes (changes to more than one bug simultaneously) are discouraged. Don't do it!