Slashdot Mirror

← Back to Stories (view on slashdot.org)

Bugzilla Breached, Private Vulnerability Data Stolen

Posted by Soulskill on from the harvesting-from-the-ripest-bush dept.

darthcamaro writes: Mozilla today publicly announced that secured areas of bugzilla, where non-public zero days are stored, were accessed by an attacker. The attacker got access to as many as 185 security bugs before they were made public. They say, "We believe they used that information to attack Firefox users." The whole hack raises the issue of Mozilla's own security, since it was a user password that was stolen and the bugzilla accounts weren't using two-factor authentication. According to Mozilla's FAQ about the breach (PDF), "The earliest confirmed instance of unauthorized access dates to September 2014. There are some indications that the attacker may have had access since September 2013."

2 of 97 comments (clear)

  1. Re:Chrome by Anonymous Coward · · Score: 5, Informative

    Just one more reason to use Chrome. Firefox hasn't offered anything in years that Chrome doesn't do and does better, and since it's free and open source there's really no reason at all to stick with a legacy browsers.

    Chromium is open source. Chrome is not.

  2. *Mozilla* Bugzilla breached. Not all bugzillas by Da+w00t · · Score: 5, Informative

    Please update the article title, JFC.

    --

    da w00t. mtfnpy?