Internal errors on this Mozilla website?

https://sitecheck.sucuri.net/results/support.mozilla.org

Sucuri reports “critical” 500 errors on the website, probably harmless?

If you look at where Sucuri found the error … the link outlined in RED

this one

https://support.mozilla.org/t5/community/categorypage.enableautocomplete:enableautocomplete?t:ac=category-id/Mozilla-EN&t:cp=action/contributions/searchactions

doesn't exist/content removed :wink: so nothing to scan

And what do they think themselves? Not actually that ‘hardened’ for security, see: https://observatory.mozilla.org/analyze.html?host=support.mozilla.org
And what to think about this: http://retire.insecurity.today/#!/scan/414273cbfd5e239ee353be4549ea29366b4fe69183f8ca10271a976537a9cc72
See the redirects: http://urlquery.net/queued.php?id=2308059276
See code: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fsupport.mozilla.org

So again javascript and the danger it poses… :wink:

script
info: [script] hwsfp35778.i.lithium.com/t5/scripts/72218CFCCC1EC9B90A577497E460C8C1/lia-scripts-head-min.js
info: [decodingLevel=0] found JavaScript
error: undefined variable LITHIUM
error: undefined variable LITHIUM.Components
error: line:1: SyntaxError: missing ; before statement:
error: line:1: var LITHIUM.Components = 1;
error: line:1: …^
bad practice undefined variable!

Also consider: http://urlquery.net/id=2308059276

See DNS report, as support dot mozilla dot org is a bad zone; we checked the main domain: WARNING: MX records duplicates (same IP address); security issues: chrome-extension://ljafjhbjenhgcgnikniijchkngljgjda/popup.html?tabid=173&securl=https%3A%2F%2Fsupport.mozilla.org%2Ft5%2FMozilla-Support-English%2Fct-p%2FMozilla-EN

polonus (volunteer website security analyst and website error-hunter)

ljafjhbjenhgcgnikniijchkngljgjda/popup.html
I'm no coder, but that seems a bit wacky and weird :-\

Quttera report shows bunch of suspicious files :-\

https://quttera.com/detailed_report/support.mozilla.org

The pop-up is from RECX security extension in Chrome, hardly a threat.

The suspicious code that Quttera flags (mind, not malicious; could be adware) kicks up an error in the script code like “SyntaxError: unterminated string literal:”, so the developer produces code that

Too low entropy detected in string [[‘<a name="feedback-error"> </a>\n\n\t\n\t\t<div class="InfoMessage lia-panel-feedback-inline-aler’]] of length 486 which may point to obfuscation or shellcode.
Ajax-error. 13 detections like this.

Some risk here: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fsupport.mozilla.org%2Ft5%2Fuser%2Floginpage%3Fdest_url%3Dhttps%253A%252F%252Fsupport.mozilla.org%252Ft5%252FMozilla-Support-English%252Fct-p%252FMozilla-EN%253Flang%253Den%26nospellcheck%3Dtrue%26q%3D_change_me_

Also consider: https://webcookies.org/cookies/support.mozilla.org/3141472 (no other tracking detected - missing security headers)

Apart from the dead link I see not much wrong. Quttera flags an anomaly as a potential insecurity, but as it seems due to a coding error, it would not worry me that much. Furthermore, I do not know how far the DOM XSS vulnerabilities (sinks and sources) could be abused.

polonus

I accidentally went to visit support.mozilla.org due to accidentally clicking a “support” button on my FF today, so I decided to check the site again, and Sucuri shows the site being green again: https://sitecheck.sucuri.net/results/support.mozilla.org