Data from Hacked Bug Database used to Target Firefox Users

Using data and information obtained through another hack, hackers were able to target Mozilla Firefox users through vulnerabilities in the popular browser. What is most interesting about this whole debacle, however, is that the attackers first hacked Bugzilla, Mozilla’s bug and vulnerability tracking system, to find working exploits.

Bug trackers and vulnerability databases serve important roles in maintaining secure software. As researchers and whitehats find and discover bugs and vulnerabilities, they report them either to a third party or directly to the vendor. In this case, it was through Bugzilla to Mozilla. This provides a common platform for sharing the information required to demonstrate and fix the bug. Even if there is no outside-facing infrastructure to report bugs, most developers probably have their own internal system for keeping up with, detailing and cataloguing bugs. For widely popular software, an attacker may not need to spend time researching their own zero-days. Instead, they can simply hit one of these bug repositories, grab a whole host of vulnerabilities and use them as needed before they are patched.

In this case, Bugzilla got hit because a privileged user account had the same password for Bugzilla as on another site that got hacked. Due to this, attackers were able to access Bugzilla undetected for at least a year. They managed to get away with 185 non-public vulnerabilities, of which 10 were unpatched at the time. Given how many users tend not to patch, and that Mozilla is unsure when the attackers first got in, it’s possible many users were vulnerable. In fact, one of the vulnerabilities was exploited widely for a while. In response, Mozilla is implementing steps to shore up security, with measures like restricting access and two-factor authentication.

Once again, it shows that security can be pretty hard and even systems introduced to better protect users can severely backfire. Given the wealth of information stored within bug repositories on various vulnerabilities, they can become a juicy target for blackhats. Just like major retailers and the recent US government data breaches, the sensitive information means these systems are guaranteed to be attacked at some point. Another major lesson is that if you want good security, not reusing passwords, keeping patched and using two-factor authentication are key.

Samuel Wan

Samuel joined eTeknix in 2015 after becoming engrossed in technology and PC hardware. With his passion for gaming and hardware, tech writing was the logical step to share the latest news with the world. When he’s not busy dreaming about the latest hardware, he enjoys gaming, music, camping and reading.
