Earlier this month, it was reported that hackers managed to breach the bug database of Mozilla. From here, the attackers accessed 185 non-public bugs for the popular Internet browser Firefox, 53 of which were categorized as severe vulnerabilities.
At least one of these has been used in the wild, against visitors of a Russian news site. Now, it might not just be Mozilla’s non-public bugs that are under threat. A security company has discovered how to obtain high-level permissions on Bugzilla, the vulnerability database used by Mozilla as well as a host of open-source projects and private businesses. These databases contain all sorts of sensitive information.
Mozilla engineers have revealed that their bug tracking application was compromised, and an unknown attacker had used a privileged account which had access to sensitive information about unpatched Firefox vulnerabilities.
According to the foundation's security disclosure, the attacker is confirmed to have had access to the bug tracker since September 2014, but the foundation suspects access goes back even further, to September 2013. Mozilla security experts blame this incident on one of its users who had reused the bug tracker's password on another site, which was later hacked. The company's bug tracker, which is named Bugzilla and is also available as open source, is the instrument which the foundation uses to track problems with its software.