Patch Management

Mozilla patches Bugzilla bug that revealed details on flaws

October 7, 2014

Mozilla has updated its Bugzilla vulnerability tracking program to patch security holes, top among them a flaw that reveals the details of bugs that security researchers are attempting to patch.

That's right, the bug exposed details about bugs that had been discovered before the researchers completed their fixes and were ready to responsibly disclose them. 

A Naked Security bulletin noted that both open and closed source projects use Bugzilla to make their projects “publicly accessible on the internet, as a way of encouraging anyone who's interesting in helping out with bug fixing.”

But one of the tracking program's flaws opened it up to others in addition to the Good Guys. In the hang time between discovery and patch, miscreants, at least in theory, had ample opportunity to exploit the flaws for criminal purposes. The update patches that and other holes.

prestitial ad