Mozilla says hacker compromised Bugzilla and used stolen ‘security-sensitive’ info to attack Firefox users

Emil Protalinsky reports:

Mozilla today detailed a security attack on its bugtracker and testing tool Bugzilla, and the steps it is taking to mitigate a repeat incident. In short, a hacker compromised the service, stole security-sensitive information, and used it to attack Firefox users.

Bugzilla is open-source software that has been adopted by a variety of organizations in addition to Mozilla: WebKit, the Linux kernel, FreeBSD, Gnome, KDE, Apache, Red Hat, Eclipse, and LibreOffice. While Bugzilla is mostly public, access to security-sensitive information is restricted so that only certain privileged users can access it. Following the attack, Mozilla has now beefed up security on those accounts.

After conducting an investigation of the unauthorized access, Mozilla believes the attacker used information from Bugzilla to exploit a Firefox vulnerability. The company plugged that Firefox security hole on August 6, just a day after it was reported to the company.

Read more on VentureBeat.

About the author: Dissent