This code and its associated production web page are included in Mozilla’s web and services bug bounty program on HackerOne. If you find a security vulnerability, please submit it via the process outlined in the program policy.
Please submit all security-related bugs through HackerOne. Never submit security-related bugs through a Github Issue or by email.