Mozilla patches Bugzilla bug that revealed details on flaws

Mozilla has updated its Bugzilla vulnerability tracking program to patch security holes, top among them a flaw that reveals the details of bugs that security researchers are attempting to patch.

That's right: the bug exposed details about bugs that had been discovered, before the researchers had completed their fixes and were ready to responsibly disclose them.

A Naked Security bulletin noted that both open and closed source projects use Bugzilla to make their projects “publicly accessible on the internet, as a way of encouraging anyone who's interested in helping out with bug fixing.”

But one of the tracking program's flaws opened it up to others in addition to the Good Guys. In the hang time between discovery and patch, miscreants, at least in theory, had ample opportunity to exploit the flaws for criminal purposes. The update patches that and other holes.
