Published on Sep 6, 2015
Mozilla yesterday detailed a security attack on its bug tracker and testing tool Bugzilla, as well as the steps it is taking to reduce the risk of a repeat incident. In short, a hacker compromised the service, stole security-sensitive information, and used it to attack Firefox users.
Bugzilla is open-source software that has been adopted by a variety of organizations in addition to Mozilla: WebKit, the Linux kernel, FreeBSD, GNOME, KDE, Apache, Red Hat, Eclipse, and LibreOffice. While Bugzilla is mostly public, access to security-sensitive information is restricted to certain privileged users. Following the attack, Mozilla has now beefed up security on those accounts.