Mozilla said hackers had stolen security-sensitive information from Bugzilla, its bug tracker, and used it to “attack” Firefox users.
The account that the hackers broke into was shut down shortly after the company discovered it had been compromised, the company said in a blog post.
Mozilla said on Friday the hackers may have used information from Bugzilla to exploit a vulnerability that allowed them to search for sensitive files and upload them to a server.
We believe that the attacker used information from Bugzilla to exploit the vulnerability we patched on August 6.
A version of Firefox, the world’s second-largest browser by users, released on Aug. 27 fixed all the vulnerabilities the hacker learned about and could have used to harm its web browser users, the company said.
Mozilla said it had conducted an investigation on the breach and notified relevant law enforcement authorities.