Bugzilla Bug Exposes Zero-Day Bugs

tsu doh nimh writes A previously unknown security flaw in Bugzilla — a popular online bug-tracking tool used by Mozilla and many of the open source Linux distributions — allows anyone to view detailed reports about unfixed vulnerabilities in a broad swath of software. Bugzilla is expected today to issue a fix for this very serious weakness, which potentially exposes a veritable gold mine of vulnerabilities that would be highly prized by cyber criminals and nation-state actors.

Nice going

[ArcadeMan]

So, instead of waiting for that to be patched, the news is spreading that people can use it to find security holes in a lot of software. I'm all for open formats, open source and whatnot, but this is not a good way to do things regarding security. Warn the people in charge of the project, not the general public.