Mozilla says that the hacker managed to access Bugzilla’s “security-sensitive” information, which unlike the rest of the repository isn’t made publicly available. It says that the compromised account was closed down as soon as it was discovered and that steps are being taken to improve the overall security to avoid a repeat of the situation.
One of those changes is requiring all users who are authorized to access security-sensitive information to change their passwords and use two-factor authentication. There are also new limits being placed on what each level of privileged user can access, so that if an account is compromised in future, the attacker won’t be able to access as much data.
And if you’re the sort of perennially worried person who frets over what other security vulnerabilities were revealed in the hack, then rest easy, as the version of Firefox released at the end of last month fixed any problems that might have been disclosed.
➤ Improving Security for Bugzilla [Mozilla Blog]