Security improvements

Bug #2076665 reported by Skia
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Errors
Confirmed
High
Unassigned

Bug Description

This bug is a follow up of bug 2046565.

Original description, excluding the XSS part that has been fixed:

This deployment of the error tracker also lacks security headers such as CSP, and imports Yahoo APIs via plain HTTP.

(Also, TLSv1.0 and v1.1 and many of the currently supported TLSv1.2 cipher suites ought to be disabled on any production sites nowadays.)

Skia (hyask)
Changed in errors:
status: New → Confirmed
importance: Undecided → High
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.