[Project_owners] [URGENT] Action required: mozdev security flaw

Eric H. Jung eric.jung at yahoo.com
Tue Sep 28 16:22:42 PDT 2010

For any projects that now have PHP enabled, please rename files ending in
.php to .html. Files with the .php extension no longer execute through the
PHP interpreter.


On Mon, Sep 27, 2010 at 12:46 PM, Eric H. Jung <eric.jung at yahoo.com> wrote:

> Hello,
> It has been brought to the attention of the mozdev board of directors,
> system administrators, and volunteers that the mozdev.org hosting code has
> critical security flaws. The short-term fix is to *immediately *disable
> PHP on mozdev project pages except for those projects that:
> 1. Explicitly request PHP enabled for their project by emailing
> sysadmin at mozdev.org,
> and
> 2. Are granted such request by executive decision of mozdev.org's board,
> system administrators, and/or volunteers.
> If you require PHP for your project, please email sysadmin at mozdev.org. We
> will not be waiting to hear from you; PHP is being disabled *today*.
> We apologize for the short notice, but we have information that mozdev.orgmay be attacked by nefarious individuals.
> Kind regards,
> Eric Jung
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.mozdev.org/pipermail/project_owners/attachments/20100928/6144b61e/attachment-0001.html>

More information about the Project_owners mailing list