Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Mozilla admits bug-tracker breach led to attacks against Firefox users

Gregg Keizer | Sept. 7, 2015
Hacker accessed Bugzilla for at least a year, maybe two; gained insight into flaw before it was patched

The incident isn't the first problem with Bugzilla. Last year, tens of thousands of Bugzilla users' email addresses and encrypted passwords were exposed on a publicly-accessible server for as long as three months. Also in 2014, Bugzilla was patched to lock down a privilege escalation vulnerability that could have let unauthorized users gain administrative access.

Mozilla urged Firefox users to update the browser to Firefox 40, which was released Aug. 27, as that version patched all remaining vulnerabilities the attacker accessed.


Previous Page  1  2 

Sign up for Computerworld eNewsletters.