September 7, 2015

Cyber-attacks hit Firefox after Bugzilla raid

Bug-tracking database was turned against Firefox in attack, Mozilla admits.

By Alexander Sword

Mozilla Firefox users were subjected to cyber-attacks after hackers stole security-sensitive information from the Bugzilla database.

Firefox Security Lead Richard Barnes admitted on the company’s security blog that an attacker accessed information about several vulnerabilities in the browser. The attacker first accessed Bugzilla in either September 2013 or September 2014.

According to Mozilla, most of the bugs that the hacker accessed information about were fixed before the hack. However, there was a period of time during which 10 bugs were exploitable.

Mozilla shared information about one specific attack, in which visitors to a Russian news website were attacked before the applicable bug was patched. This led to "private data" from the users being collected.

To access the information, the hacker acquired the password of a privileged user of Bugzilla, the tool used to track bugs when they are discovered in order to share information between contributors to the project.

Mozilla detailed three steps it would be taking: adding two-factor authentication for privileged users, reducing the amount of information accessible to each user and increasing auditing on the actions of privileged users.

"Mozilla has conducted an investigation of this unauthorized access, and we have taken several actions to address the immediate threat," Barnes wrote. "We are also making improvements to Bugzilla to ensure the security of our products, our developer community, and our users."
