SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
7 Sep 2015

Mozilla bug tracker hacked

Mozilla engineers have revealed that their bug tracking application was compromised, and an unknown attacker had used a privileged account which had access to sensitive information about unpatched Firefox vulnerabilities.

According to the foundation's security disclosure, they confirmed the attacker had access to the bug tracker since September 2014, but they suspect access goes back even further, to September 2013.

Mozilla security experts blame this incident on one of its users that had reused the bug tracker's password on another site, which was later hacked. The company's bug tracker, which is named Bugzilla and is also available as open source, is the instrument which the foundation uses to track problems with its software, may it be Firefox, Thunderbird, Firefox OS, or anything else.

Because bugs reported to the Foundation can be of a high-security risk, some are kept private and only published after they are fixed. According to the company's internal investigation, the user that had his account compromised had access only to critical Firefox bugs, and not those in other products. In the time span the attacker had access to Bugzilla's private section, Mozilla engineers report that they recorded 185 non-public bugs.

Attacker had access to critical Firefox bugs

Out of these 185 bugs, 110 were private because they contained proprietary information, 22 bugs described minor security issues, and 53 were severe vulnerabilities. From the 53 high-security bugs, 43 were already fixed, but not published, when the attacker found out about them, and data from only 10 bugs could have been actively exploited.

From these 10 bugs, 2 were fixed in less than a week, 5 bugs took between 7 and 36 days to address, and the other 3 bugs were fixed in 131, 157, and 335 days respectively. The Mozilla Foundation reports that there were no recorded cases of any of these bugs being used in real-world attacks.

To fix the security problem, Bugzilla admins have forced any user with access to the bug tracker's private section to change their password, they have cut down the number of users with access to this section, and have also limited their access rights, so future breaches would expose smaller amounts of information.

Tags:
hackers Mozilla information leaks Firefox Bugzilla
Source:
Softpedia
2746
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015