HackRead

Mozilla’s Bugzilla Hacked, Stolen Data Used For Targeting Firefox users

September 6th, 2015 | By Waqas | Hacking News, Security

Mozilla yesterday detailed a security attack on its bug tracker and testing tool Bugzilla, as well as the steps it is taking to prevent a repeat incident. In short, a hacker compromised the service, stole security-sensitive information, and used it to attack Firefox users.

Bugzilla is open-source software that has been adopted by a variety of organizations in addition to Mozilla: WebKit, the Linux kernel, FreeBSD, Gnome, KDE, Apache, Red Hat, Eclipse, and LibreOffice. While Bugzilla is mostly public, access to security-sensitive information is restricted so that only certain privileged users can access it. Following the attack, Mozilla has now beefed up security on those accounts.


After conducting an investigation of the unauthorized access, Mozilla believes the attacker used information from Bugzilla to exploit a Firefox vulnerability. The company plugged that Firefox security hole on August 6, just a day after it was reported to the company.

The flaw was being exploited in the wild: attackers were injecting a malicious script that searched for key files on a user’s machine and then uploaded them to a remote server, thought to be located in Ukraine. Firefox users merely had to load a webpage with the exploit on it, and the attack left no trace.

Mozilla said the latest update to Firefox 40 (version 40.0.3, released on August 27) addressed all the vulnerabilities that the attacker learned about and could have used to harm Firefox users. With that out of the way, the company is now focusing on the Bugzilla side of the attack.

Although Mozilla shut down the account that the attacker broke into “shortly after” the company discovered that it had been compromised, there is still more work to be done:

“We are updating Bugzilla’s security practices to reduce the risk of future attacks of this type. As an immediate first step, all users with access to security-sensitive information have been required to change their passwords and use two-factor authentication. We are reducing the number of users with privileged access and limiting what each privileged user can do. In other words, we are making it harder for an attacker to break in, providing fewer opportunities to break in, and reducing the amount of information an attacker can get by breaking in.”

Additionally, Mozilla said it has notified relevant law enforcement authorities about the incident. The company may also take “additional steps based on the results of any further investigations.”


Source: VB (https://venturebeat.com/2015/09/04/mozilla-says-hacker-compromised-bugzilla-and-used-stolen-security-sensitive-info-to-attack-firefox-users/)
