https://sitecheck.sucuri.net/results/support.mozilla.org
Sucuri reports “critical” 500 errors on the website, probably harmless?
If you look at where Sucuri found the error … the link outlined in RED
this one
doesn't exist/content removed so nothing to scan
And what do they think themselves? Not actually that ‘hardened’ for security, see: https://observatory.mozilla.org/analyze.html?host=support.mozilla.org
And what to think about this: http://retire.insecurity.today/#!/scan/414273cbfd5e239ee353be4549ea29366b4fe69183f8ca10271a976537a9cc72
See the redirects: http://urlquery.net/queued.php?id=2308059276
See code: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fsupport.mozilla.org
So again javascript and the danger it poses…
script bad practice undefined variable!
info: [script] hwsfp35778.i.lithium.com/t5/scripts/72218CFCCC1EC9B90A577497E460C8C1/lia-scripts-head-min.js
info: [decodingLevel=0] found JavaScript
error: undefined variable LITHIUM
error: undefined variable LITHIUM.Components
error: line:1: SyntaxError: missing ; before statement:
error: line:1: var LITHIUM.Components = 1;
error: line:1: …^
Also consider: http://urlquery.net/id=2308059276
See DNS report as support dot mozilla dot org is a bad zone, we checked the main domain: WARNING: MX records duplicates (same IP address): security issues: chrome-extension://ljafjhbjenhgcgnikniijchkngljgjda/popup.html?tabid=173&securl=https%3A%2F%2Fsupport.mozilla.org%2Ft5%2FMozilla-Support-English%2Fct-p%2FMozilla-EN
polonus (volunteer website security analyst and website error-hunter)
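Added example, not part of the post above and not code from the scanner or from lithium.com: a Node.js check of why the logged line `var LITHIUM.Components = 1;` cannot parse. It assumes that line is a stub the analyser emitted for each name it reported as undefined; `naiveStub`, `namespaceStub`, `triage` and `evalStub` are hypothetical helper names.

```javascript
// Added example. Assumption: the analyser stubs each "undefined variable"
// it reports by emitting `var <name> = 1;` before re-running the script.

// True if `src` is syntactically valid JavaScript (parsed only, never executed).
function parses(src) {
  try {
    new Function(src);
    return true;
  } catch (e) {
    if (e instanceof SyntaxError) return false;
    throw e;
  }
}

// The stub in the form shown in the log: valid only for a plain identifier.
function naiveStub(name) {
  return `var ${name} = 1;`;
}

// Namespace-aware stub: declare the root, then create each nested level.
function namespaceStub(name) {
  const parts = name.split('.');
  const lines = [`var ${parts[0]} = ${parts[0]} || {};`];
  for (let i = 1; i < parts.length; i++) {
    const path = parts.slice(0, i + 1).join('.');
    lines.push(`${path} = ${path} || {};`);
  }
  return lines.join('\n');
}

// For each reported name, record which stub form survives parsing.
function triage(names) {
  return names.map((name) => ({
    name,
    naiveStubParses: parses(naiveStub(name)),
    namespaceStubParses: parses(namespaceStub(name)),
  }));
}

// Run the namespace-aware stub in its own function scope and return the binding.
function evalStub(name) {
  return new Function(`${namespaceStub(name)}\nreturn ${name};`)();
}

// Names copied from the scan log quoted in the post.
const REPORTED = ['LITHIUM', 'LITHIUM.Components'];
console.log(triage(REPORTED));
```

Under that assumption the `SyntaxError` in the log comes from the dotted name in the stub, so it says nothing about the syntax of `lia-scripts-head-min.js` itself.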
ljafjhbjenhgcgnikniijchkngljgjda/popup.html
I'm no coder but that seems a bit wacky and weird :-\
Quttera report shows a bunch of suspicious files :-\
The pop-up is from RECX security extension in Chrome, hardly a threat.
The code that Quttera flags as suspicious (mind, not malicious, could be adware) kicks up an error in the script code like “SyntaxError: unterminated string literal:” so the developer produces code, that
Too low entropy detected in string [[‘<a name="feedback-error"> </a>\n\n\t\n\t\t<div class="InfoMessage lia-panel-feedback-inline-aler’]] of length 486 which may point to obfuscation or shellcode.Ajax-error. 13 detections like this.
Also consider: https://webcookies.org/cookies/support.mozilla.org/3141472 (no other tracking detected - missing security headers)
Apart from the dead link I see not much wrong. Quttera flags an anomaly as a potential insecurity, but as it seems due to a coding error, it would not worry me that much. Furthermore, I do not know how far the DOM XSS vulnerabilities (sinks and sources) could be abused.
polonus
I accidentally went to visit support.mozilla.org due to accidentally clicking a “support” button on my FF today, so I decided to check the site again, and Sucuri shows the site being green again: https://sitecheck.sucuri.net/results/support.mozilla.org