I find the first sentence fascinating, "Yesterday morning, August 5, a Firefox user informed us...".
I'd love to know more about this person and their skill set. How was the exploit detected and isolated? How did this issue get reported and resolved in a day?
Assuming the Mozilla way, I wonder what the Bugzilla report will read when it comes out of embargo.
It's me. I discovered the exploit in the wild when I became a victim of it. Skill-set limited. I was able to identify it and understand what it basically does, but not much more.
Modest too, "The script triggered a file dialog showing it was trying to access a local file. I opened the Developer Tools and saw all kinds of other files being accessed, including my private and public keys. I nearly got a heart attack. I quickly revoked all SSH keys and started monitoring the requests to narrow it down before I submitted the bug ticket with all the information I had, including the exploit script that was executed."
Wow, lucky that it triggered a prompt. Thanks for the response!