Mozilla Blames Bugzilla Hack For Firefox Attack

Bug reporting system compromised by hackers and used to attack Firefox users, Mozilla admits

Mozilla has admitted that hackers stole security-sensitive information from Bugzilla, the company’s bug tracker system, and used it to “attack” Firefox users.

“We are disclosing today that someone was able to steal security-sensitive information from Bugzilla,” said Mozilla in a blog posting. “We believe they used that information to attack Firefox users. Mozilla has conducted an investigation of this unauthorised access, and we have taken several actions to address the immediate threat.”

However, Mozilla has promised that it has now “taken several actions to address the immediate threat.”

Bugzilla Flaw

The open source foundation also said it was making improvements to Bugzilla to beef up the security of its products, developer community and its users. All users that have access to security information have had to change their passwords and use two-factor authentication. It is also limiting the number of ‘privileged access’ users.

“The account that the attacker broke into was shut down shortly after Mozilla discovered that it had been compromised,” it blogged. “We believe that the attacker used information from Bugzilla to exploit the vulnerability we patched on August 6. We have no indication that any other information obtained by the attacker has been used against Firefox users.”

The latest version of Firefox apparently fixes all the vulnerabilities the attacker may have learned.

Mozilla meanwhile has notified relevant law enforcement authorities of the breach.

Other Scares

This is not the first time that Mozilla has suffered a security scare. This time last year, for example, Mozilla admitted to a serious data breach of its developer details.

Mozilla developers were deeply unimpressed after a data sanitization process of the Mozilla Developer Network (MDN) site database failed, which resulted in the accidental disclosure of MDN email addresses of about 76,000 users and encrypted passwords of about 4,000 users on a publicly accessible server.

And in 2013, Mozilla had to send a British spyware pusher (Gamma International) a cease and desist letter, after a report showed how the surveillance software was being delivered under the guise of a Firefox executable.
