Bugzilla Bug Exposes Zero-Day Bugs
tsu doh nimh writes: A previously unknown security flaw in Bugzilla — a popular online bug-tracking tool used by Mozilla and many of the open source Linux distributions — allows anyone to view detailed reports about unfixed vulnerabilities in a broad swath of software. Bugzilla is expected today to issue a fix for this very serious weakness, which potentially exposes a veritable gold mine of vulnerabilities that would be highly prized by cyber criminals and nation-state actors.
So, instead of waiting for that to be patched, the news is spreading that people can use it to find security holes in a lot of software. I'm all for open formats, open source and whatnot, but this is not a good way to do things regarding security. Warn the people in charge of the project, not the general public.
What/why is this obsession/FUD with calling things "Zero-Day" bugs? Is this to suggest that bugs magically appear the 10th day or whatever after release?
A bug/exploit in the software is always there at the zero-day. Doesn't matter if it's found immediately or 20 years from release.