Mozilla Blames Bugzilla Hack For Firefox Attack

Mozilla has admitted that hackers stole security-sensitive information from Bugzilla, the company’s bug tracker system, and used it to “attack” Firefox users.

“We are disclosing today that someone was able to steal security-sensitive information from Bugzilla,” said Mozilla in a blog posting. “We believe they used that information to attack Firefox users. Mozilla has conducted an investigation of this unauthorised access, and we have taken several actions to address the immediate threat.”

However, the site has promised that it has now “taken several actions to address the immediate threat.”

Bugzilla Flaw

The open source foundation also said it was making improvements to Bugzilla to beef up the security of its products, developer community and its users. All users that have access to security information have had to change their passwords and use two-factor authentication. It is also limiting the number of ‘privileged access’ users.

“The account that the attacker broke into was shut down shortly after Mozilla discovered that it had been compromised,” it blogged. “We believe that the attacker used information from Bugzilla to exploit the vulnerability we patched on August 6. We have no indication that any other information obtained by the attacker has been used against Firefox users.”

The latest version of Firefox apparently fixes all the vulnerabilities the attacker may have learned about.

Mozilla, meanwhile, has notified relevant law enforcement authorities of the breach.

Other Scares

This is not the first time that Mozilla has suffered a security scare. This time last year, for example, Mozilla admitted to a serious data breach of its developer details.

Mozilla developers were deeply unimpressed after a data sanitization process of the Mozilla Developer Network (MDN) site database failed, which resulted in the accidental disclosure of MDN email addresses of about 76,000 users and encrypted passwords of about 4,000 users on a publicly accessible server.

And in 2013, Mozilla had to send a British spyware pusher (Gamma International) a cease and desist letter, after a report showed how the surveillance software was being delivered under the guise of a Firefox executable.


Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
