Bug in the Bug Tracker

 
On September 29th, Check Point’s Malware and Vulnerability Research Group uncovered a critical privilege escalation vulnerability in the popular bug-tracking platform called Bugzilla. According to the CVE security vulnerability database (cvedetails.com), this is the first privilege escalation bug uncovered in the Bugzilla project since 2002. (See also: Bugzilla Zero-Day Exposes Zero-Day Bugs by Brian Krebs) Check Point’s security researchers have informed the Mozilla Foundation and the team leading the Bugzilla project about this particular vulnerability. Mozilla and Bugzilla have recognized the critical nature of this vulnerability and have assigned the following CVE identifier for ...