It is in the same spirit of openness that we are disclosing today that someone was able to steal security-sensitive information from Bugzilla. We believe they used that information to attack Firefox users. Mozilla has conducted an investigation of this unauthorized access, and we have taken several actions to address the immediate threat. We are also making improvements to Bugzilla to ensure the security of our products, our developer community, and our users.
The account that the attacker broke into was shut down shortly after Mozilla discovered that it had been compromised. We believe that the attacker used information from Bugzilla to exploit the vulnerability we patched on August 6. We have no indication that any other information obtained by the attacker has been used against Firefox users. The version of Firefox released on August 27 fixed all of the vulnerabilities that the attacker learned about and could have used to harm Firefox users.
