The incident isn't the first problem with Bugzilla. Last year, tens of thousands of Bugzilla users' email addresses and encrypted passwords were exposed on a publicly-accessible server for as long as three months. Also in 2014, Bugzilla was patched to lock down a privilege escalation vulnerability that could have let unauthorized users gain administrative access.
Mozilla urged Firefox users to update the browser to Firefox 40, which was released Aug. 27, as that version patched all remaining vulnerabilities the attacker accessed.
Sign up for Computerworld eNewsletters.