reported from a web site tester. have a look when you have time. content can be injected on the error pages as in: https://support.mozilla.com/tiki-error.php?error=Mozilla%20Has%20Been%20Hacked and authstage site gets some unexpected errors. https://www.authstage.mozilla.com/en-US/ gets Warning: require_once(/data/www/www.mozilla.com-svn/includes/helpers.php) [function.require-once]: failed to open stream: No such file or directory in /data/www/www.mozilla.com-svn/en-US/index.html on line 2 Fatal error: require_once() [function.require]: Failed opening required '/data/www/www.mozilla.com-svn/includes/helpers.php' (include_path='.:/usr/share/pear:/usr/share/php') in /data/www/www.mozilla.com-svn/en-US/index.html on line 2
Please file a separate bug for authstage. None of the relevant people will see it under the support.mozilla.com component.
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 551306
since the injection bug already has a dup, lets just use this for the warnings on authstage. whats the right product/component?
(In reply to comment #2) > since the injection bug already has a dup, lets just use this for the warnings > on authstage. whats the right product/component? This bug contains a description of an open, albeit minor, security issue. It shouldn't be made public again.
ok, whats the right component for the other bug?
I'd file it under Websites/www.mozilla.com. If that's wrong someone will find it there.
These bugs are all resolved, so I'm removing the security flag from them.
You need to log in before you can comment on or make changes to this bug.