Mozilla Data Breach
A partial database of Mozilla's addons.mozilla.org user accounts were inadvertently left on a publicly accessible server.
A researcher made Mozilla was made aware of this issue via their web bounty program on December 17th and since that time Mozilla has removed the information and yesterday, on December 27th, 2010, contacted those users who were effected.
"We were able to account for every download of the database", Mozilla said in their post. "This issue posed minimal risk to users, however as a precaution we felt we should disclose this issue to people affected and err on the side of disclosure."
Mozilla also noted that current addons.mozilla.org users and accounts are not at risk and this incident didn't impact any of Mozilla’s infrastructure.
More information can be found on the Mozilla Security Blog.
Issue 163/2014
Buy this issue as a PDF
Digital Issue: Price $9.99
(incl. VAT)
Tag Cloud
News
-
KDE Announces Software Compilation 4.13
New release comes with better semantic search and improvements to Kontact.
-
Coverity: Open Source Code has Fewer Defects
Annual code quality report shows FOSS is more secure at all project size levels.
-
An Even Smaller Raspberry Pi
The Raspberry Pi Foundation has announced an even smaller version of the tiny computer that will fit into a DIMM slot.
-
Freaky Privilege Escalation Attack
A new class of problems lets a malicious app pre-configure an invisible privilege update.
-
Facebook Rolls Out New PHP-like Programming Language
New Hack language adds static typing and other conveniences.
-
Fedora Announces Innovative Crytography Policy System
New crypto policy system will offer easier configuration and more uniform security.
-
Shuttleworth Calls for Declarative Firmware
Ubuntu founder denounces insecurity in proprietary, close-source software blobs.
-
New TLS Attack Takes the S out of HTTPS
Vulnerability affects many Linux web servers
-
Munich Adopts Kolab
The Bavarian capital shuns Microsoft, Google, and other alternatives to implement an open source groupware solution.
-
Canonical Announces Ubuntu Smartphones
Phone vendor partnerships bring Mark Shuttleworth's dream of Ubuntu on a phone a step closer to reality.