Firefox zero-days exposed by attack on privileged account
The attack that relied on the stolen information exploited a vulnerability that Mozilla patched on August 6, after reports surfaced that a Russian news site was serving a Firefox exploit that searched for sensitive files and uploaded them to a server in Ukraine.
Mozilla, creator of the open-source Firefox browser and Thunderbird email client, has confessed to a breach in its bug-tracking system which saw ne’er-do-wells make off with zero-day vulnerabilities.
“The attacker acquired the password of a privileged Bugzilla user, who had access to security sensitive information”, the firm said.
In a seemingly tentative but perfectly understandable step toward its goal of releasing Firefox for Apple devices, Mozilla on Thursday offered its first public preview to iPhone and iPad users in the Pacific nation, population 4.5 million.
Mozilla, meanwhile, has notified the relevant law enforcement authorities of the breach. However, it was reported that the hacker managed to gain access to a range of highly sensitive security information by acquiring a high-level account user’s password.
According to the FAQ, access to the privileged account went back at least to September 2014, with some indications that it started a year before that.
Unfortunately, some very irresponsible parties have obtained access to these private bug reports – and, in doing so, ended up with a cache of zero-day vulnerabilities which can be, and are being, exploited in the wild to attack end-users. Although the latest version of Firefox successfully patched 43 of these severe bugs, the last 10 provided the hacker with ample opportunity to target Firefox users.
Mozilla released Firefox 39.0.3 a day later to patch the problem.
“We are updating Bugzilla’s security practices to reduce the risk of future attacks of this type”.
To access the information, the hacker acquired the password of a privileged user of Bugzilla, the tool used to track bugs when they are discovered in order to share information between contributors to the project.
The company said it is “making it harder for an attacker to break in, providing fewer opportunities to break in, and reducing the amount of information an attacker can get by breaking in” following this incident.
Mozilla has admitted an attacker was able to access a treasure trove of Firefox bugs and used at least one security vulnerability against users as a result. Barnes also said that Mozilla is “Reducing the number of users with privileged access and limiting what each privileged user can do”.