|
|
Пишет LWN.net (![[info]](http://lj.rossia.org/img/syndicated.gif){kind=small} syn_lwnheadline)@ 2015-09-04 22:03:00 |
 |
|
 |
|
|
|
|
|
|
 |
|
 |
The Mozilla blog has disclosed that the official Mozilla instance of Bugzilla was recently compromised by an attacker who stole "security-sensitive information" related to unannounced vulnerabilities in Firefox—in particular, the PDF Viewer exploit discovered on August 5. The blog post explains that Mozilla has now taken several steps to reduce the risk of future attacks using Bugzilla as a stepping stone. "As an immediate first step, all users with access to security-sensitive information have been required to change their passwords and use two-factor authentication. We are reducing the number of users with privileged access and limiting what each privileged user can do. In other words, we are making it harder for an attacker to break in, providing fewer opportunities to break in, and reducing the amount of information an attacker can get by breaking in."
