
Mozilla: data stolen from hacked bug database was used to attack...


4 replies to this topic

#1 TheSentinel

TheSentinel

    The man in the dark

  • General Admin
  • 31,507 posts

Posted 05 September 2015 - 11:57 AM

Mozilla: data stolen from hacked bug database was used to attack Firefox
 
A privileged user's account was compromised at least as early as September 2014.
 
by Megan Geuss - Sep 5, 2015 1:04am CEST
 
An attacker stole security-sensitive vulnerability information from Mozilla's Bugzilla bug tracking system and probably used it to attack Firefox users, the maker of the open-source Firefox browser warned Friday. In an FAQ published (PDF) alongside Mozilla's blog post about the attack, the company added that the loss of information appeared to stem from a privileged user's compromised account. The user appeared to have re-used their Bugzilla account password on another website, which suffered a data breach. The attacker then allegedly gained access to the sensitive Bugzilla account and was able to “download security-sensitive information about flaws in Firefox and other Mozilla products.”
 

 

 

 



#2 TheSentinel

TheSentinel

    The man in the dark

  • General Admin
  • 31,507 posts

Posted 05 September 2015 - 12:02 PM

See in addition also:

 

ATTACKER COMPROMISED MOZILLA BUG SYSTEM, STOLE PRIVATE VULNERABILITY DATA
 
by Dennis Fisher, September 4, 2015, 3:45 pm
 
Security experts constantly tell users not to reuse passwords on multiple accounts, but the message often falls on deaf ears. Now, officials at Mozilla are finding that advanced users don’t always follow that advice either after discovering that an attacker was able to compromise a Bugzilla user’s account by using a password taken from a data breach on a separate site.
 
 

 

 



#3 TheSentinel

TheSentinel

    The man in the dark

  • General Admin
  • 31,507 posts

Posted 05 September 2015 - 06:42 PM

See also please:

 

Mozilla admits bug-tracker breach led to attacks against Firefox users

Hacker accessed Bugzilla for at least a year, maybe two; gained insight into flaw before it was patched
By Gregg Keizer
Computerworld | Sep 5, 2015 7:10 AM PT

Mozilla yesterday said an unknown attacker accessed its Bugzilla bug-and-change tracking database, stole information about 53 critical security vulnerabilities, and used at least one of those flaws to attack Firefox users.

http://www.computerw...efox-users.html

 



#4 TheSentinel

TheSentinel

    The man in the dark

  • General Admin
  • 31,507 posts

Posted 05 September 2015 - 06:52 PM

See also

 

Ashley Carman, Reporter
September 04, 2015

Firefox zero-days exposed after attacker compromises privileged account

An attacker compromised a privileged Mozilla account to break into the company's Bugzilla bug tracker tool and steal “security-sensitive information,” the company disclosed in a Friday blog post.

http://www.scmagazin...article/437077/

 



#5 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 36,319 posts

Posted 05 September 2015 - 08:21 PM

Here's Mozilla's security blog posting about it; very disappointed by Mozilla.

https://blog.mozilla...y-for-bugzilla/