Mozilla: Improving Security for Bugzilla
The Mozilla blog has disclosed
that the official Mozilla instance of Bugzilla was recently
compromised by an attacker who stole "security-sensitive
information" related to unannounced vulnerabilities in
Firefox—in particular, the PDF
Viewer exploit discovered on August 5. The blog post explains that
Mozilla has now taken several steps to reduce the risk of future
attacks using Bugzilla as a stepping stone. "As an immediate
first step, all users with access to security-sensitive information
have been required to change their passwords and use two-factor
authentication. We are reducing the number of users with privileged
access and limiting what each privileged user can do. In other words,
we are making it harder for an attacker to break in, providing fewer
opportunities to break in, and reducing the amount of information an
attacker can get by breaking in."