Bugzilla

We already have a problem with new people who join bugzilla and vandalize bugs. Even apart from spammers, just people playing around to see how it works. We should NOT allow these new people to use the [Triage request form](https://bugzilla.mozilla.org/page.cgi?id=triage_request.html) to self-grant the ability to change resolutions on bugs that are not their own.

I'm not sure what value of "new" to use. 6 months? 6 weeks?

* At the very least, a "NEW" account trying to load https://bugzilla.mozilla.org/page.cgi?id=triage_request.html should get an error. Dealer's choice whether you make a nice error page for it or just return a 403 Unauthorized
* if you want to get fancy you could hide the "canconfim" line on https://bugzilla.mozilla.org/page.cgi?id=get_permissions.html if the account is "NEW"--if they are they won't know what they're missing.

There are other possible changes (like direct people to chat.mozilla.org to ask people, or set up another "file a bug" form), but I suspect people that new don't even know about canconfirm and would not be asking about it except that page tells them it exists. If new users find out it exists because they're already in chat and someone sends them to that page then the person who sent them can also help if they can't find the link.

We already have a problem with new people who join bugzilla and vandalize bugs. Separate from spammers, just people playing around to see how it works (students, bug bounty hunters). We should NOT allow these new people to use the [Triage request form](https://bugzilla.mozilla.org/page.cgi?id=triage_request.html) to self-grant the ability to change resolutions on bugs that are not their own. "New" accounts should not be allowed to do this. ([example instance](https://bugzilla.mozilla.org/page.cgi?id=user_activity.html&action=run&who=santoshpavan.666%40gmail.com&from=2025-09-15&to=2025-09-19&group=when))

I'm not sure what value of "new" to use. 6 months? 6 weeks?

* At the very least, a "NEW" account trying to load https://bugzilla.mozilla.org/page.cgi?id=triage_request.html should get an error. Dealer's choice whether you make a nice error page for it or just return a 403 Unauthorized
* if you want to get fancy you could hide the "canconfim" line on https://bugzilla.mozilla.org/page.cgi?id=get_permissions.html if the account is "NEW"--if they are they won't know what they're missing.

There are other possible changes (like direct people to chat.mozilla.org to ask people, or set up another "file a bug" form), but I suspect people that new don't even know about canconfirm and would not be asking about it except that page tells them it exists. If new users find out it exists because they're already in chat and someone sends them to that page then the person who sent them can also help if they can't find the link.