#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Bugzilla Vulnerabilities | Breaking Cybersecurity News | The Hacker News

New Bug in Bugzilla Software Could Expose Zero-Day Vulnerabilities

New Bug in Bugzilla Software Could Expose Zero-Day Vulnerabilities

Sep 18, 2015
A Critical vulnerability discovered in Mozilla's popular Bugzilla bug-tracking software , used by hundreds of thousands of prominent software organizations, could potentially expose details of their non-public security vulnerabilities to the Hackers. So it's time for developers and organizations that use Bugzilla open source bug tracking system to upgrade to the latest patched versions – namely 5.0.1, 4.4.10, or 4.2.15 . Bugzilla is a vulnerability database used by Mozilla as well as many open-source projects and private organizations. Besides patched flaws, these databases also contain sensitive information related to unpatched vulnerabilities reported to organizations. Unfortunately, the researchers at security firm PerimeterX have discovered a vulnerability ( CVE-2015-4499 ) in Bugzilla's email-based permissions process that allowed them to gain high-level permissions on Bugzilla. As a result, it is potentially possible for an attacker to easily access u
Zero-Day in Bugzilla Exposes Zero-Day Vulnerabilities to Hackers

Zero-Day in Bugzilla Exposes Zero-Day Vulnerabilities to Hackers

Oct 07, 2014
A critical zero-day vulnerability discovered in Mozilla's popular Bugzilla bug-tracking software used by hundreds of prominent software organizations, both private and open-source, could expose sensitive information and vulnerabilities of the software projects to the hackers. The critical flaw allows an attacker to bypass email verification part when registering a new Bugzilla account, which clearly means that an attacker can register accounts using any email addresses of their choice without the need to access the actual inbox for validation purposes. VALIDATION BYPASS AND PRIVILEGE ESCALATION BUG Security firm Check Point Software Technologies disclosed the flaw ( CVE-2014-1572 ) on Monday and said that it's the first time when a privilege-escalation vulnerability has been found in the Bugzilla project since 2002. The Mozilla foundation has also confirmed that this particular bug exists in all versions of Bugzilla going back to version 2.23.3 from 2006. An analysis
How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte
Cybersecurity Resources