Critical Bugzilla vulnerability could give hackers access to undisclosed software flaws

Hackers could have had an inside track on unpatched flaws in major software projects because of a critical vulnerability in Bugzilla, a system that many developers use to track and discuss bugs in their code.

Patches released Monday for Bugzilla address a privilege escalation vulnerability that could have allowed attackers to gain administrative access to software bug trackers based on the open-source application.

Bugzilla is developed with support from the Mozilla Foundation, which uses it to track issues for many of its own products. However, the platform is also used by the Apache Software Foundation, the Linux kernel developers, LibreOffice, OpenOffice, OpenSSH, Eclipse, KDE, GNOME, various Linux distributions and many other projects.

To read this article in full or to leave a comment, please click here

Network World Security