A cybercriminal has been able to steal “security sensitive information” from Mozilla’s Bugzilla, it has been revealed.
Richard Barnes, Firefox security lead at Mozilla, said that the data extracted from the bug tracking tool has been used to attack users of the web browser Firefox.
Mozilla has already looked into the matter and developed a suitable response to counter the threat posed by the attacker, he explained. Law enforcement has also been informed.
Additionally, it is the midst of improving Bugzilla to ensure that the tool remains effective and secure from individuals or groups looking to exploit vulnerabilities.
“The account that the attacker broke into was shut down shortly after Mozilla discovered that it had been compromised,” Mr Barnes elaborated.
“We believe that the attacker used information from Bugzilla to exploit the vulnerability we patched on August 6th.
“We have no indication that any other information obtained by the attacker has been used against Firefox users.”
He clarified that the latest update to Firefox, which was released on 27th August, has patched all of the flaws that had been identified by the cybercriminal.
Other efforts to boost Bugzilla’s security include getting all users that have access to sensitive data to change their passwords and to use two-factor authentication.
Further, cutting down on the number of people who have “privileged access” and redefining what this allows is also on the security improvement agenda.
“In other words, we are making it harder for an attacker to break in, providing fewer opportunities to break in, and reducing the amount of information an attacker can get by breaking in,” Mr Barnes went on to say.
Last month, the Mozilla Foundation announced a new security update for its Firefox browser, which addressed a particular flaw (CVE-2015-4495).
“This vulnerability allows attackers to bypass the same-origin policy and execute JavaScript remotely that will be interpreted in the local file context," explained Anton Cherepanov, a malware researcher at ESET.
“This, in turn, allows attackers to read and write files on local machine as well as upload them to a remote server.”