Mozilla: Improving Security for Bugzilla
The Mozilla blog has disclosed that the official Mozilla instance of Bugzilla was recently compromised by an attacker who stole "security-sensitive information" related to unannounced vulnerabilities in Firefox, in particular the PDF Viewer exploit discovered on August 5. The blog post explains that Mozilla has now taken several steps to reduce the risk of future attacks using Bugzilla as a stepping stone. "As an immediate first step, all users with access to security-sensitive information have been required to change their passwords and use two-factor authentication. We are reducing the number of users with privileged access and limiting what each privileged user can do. In other words, we are making it harder for an attacker to break in, providing fewer opportunities to break in, and reducing the amount of information an attacker can get by breaking in."