Bugzilla, the Mozilla Foundation's highly regarded bug tracking system, was hacked, and a group of hackers was able to steal some information about unpatched zero-day bugs, the Mozilla Foundation has revealed.
According to the disclosure, the hackers are assumed to have known about unpatched zero-day bugs in the Firefox web browser for more than a year. Mozilla identified a breach of a user's account, which was then used to gain privileged access to Bugzilla.
According to sources, the hackers had this information and access from 2013, which gave them ample time to exploit the flawed software.
Reportedly there were 185 secret bugs, and 53 of the 185 are considered to be vulnerabilities. Hackers must have exploited them for more than a year before Mozilla fixed them.
According to Mozilla's records, 43 of the flaws on the list had already been patched before the hackers intruded, which limits the damage, but there is still a risk from the 10 bugs the hackers accessed.
Mozilla fixed one bug, patching it on August 6th 2015, and found that the same bug had been used by hackers 36 days ago. From the bug list, a hacker had already used one bug to their advantage, using it to cull private data from a Russian news website that is commonly visited by Firefox users.
The most striking part of this breach is that the hackers had no idea of any zero-day flaws existing in the software. Information revealed that the user had reused the Bugzilla password on other websites, and the password was obtained through a data breach.
Google and Facebook make sure that users use unique passwords. This breach took place because the same password was used on a compromised site, where it was hacked. Password reuse is a common problem faced by many security providers.
Richard Barnes, Firefox's security lead, wrote in a blog post this Friday that Mozilla is improving Bugzilla. He said they are working on updating Bugzilla and its security practices. In response to this hack, they have already put two-factor authentication in place.
Barnes added that they had also set the level of privileges given to users so that, if hackers broke into their accounts, they could not get much information from those accounts.
The good news about Firefox is that the latest version has fixed all the problems that might have been used by hackers in the last few hacks. Mozilla will be more alert and cautious about its security from now on.