Mozilla says an attacker broke into its Bugzilla Bug-Tracking Software in 2014, if not before. Mozilla says it believes that the attacker only targeted one of the bugs, which it patched with the August 27 version of Firefox. The zero-day Firefox vulnerability was stolen from Mozilla’s instance of Bugzilla, which is a widely used, open source system for tracking software-level defects, or bugs. Mozilla has taken steps to improve its internal security practices, to help block such attacks in the future.”]
Source: https://www.cuinfosecurity.com/hackers-exploit-stolen-firefox-bug-information-a-8525