getpersonas.com has been 0day'd on bugtraq... the reporter actually sent us two mails (one cc'd to bugtraq and one not), so my main concern is tackling the vulnerability that was sent to bugtraq (bug 542182). Please apply attachment 423504 to production getpersonas.com.
Assignee: server-ops → justdave
Appears to be a bunch of other changes in svn besides this patch, so applied the patch manually instead of updating from svn. Should be live.
Status: NEW → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → FIXED
I can confirm the XSS no longer works. Well, that's one down, five more to go. :(
Adding keywords to bugs for metrics, no action required. Sorry about bugmail spam.
Component: Server Operations: Web Operations → WebOps: Other
Product: mozilla.org → Infrastructure & Operations