1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Mozilla's bug tracking portal compromised, reused passwords to blame

Discussion in 'CSO' started by RSS, Sep 4, 2015.

  1. RSS

    RSS New Member Member

    In a blog post on Friday, Mozilla said that someone compromised an account on Bugzilla and used that access to obtain security-sensitive information and used it to attack Firefox users.

    Mozilla says that the user who had their Bugzilla account compromised reused that password on other domains.

    "The account that the attacker broke into was shut down shortly after Mozilla discovered that it had been compromised. We believe that the attacker used information from Bugzilla to exploit the vulnerability we patched on August 6.

    "We have no indication that any other information obtained by the attacker has been used against Firefox users. The version of Firefox released on August 27 fixed all of the vulnerabilities that the attacker learned about and could have used to harm Firefox users," Mozilla wrote.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page