We are updating Bugzilla’s security practices to reduce the risk of future attacks of this type. As an immediate first step, all users with access to security-sensitive information have been required to change their passwords and use two-factor authentication. We are reducing the number of users with privileged access and limiting what each privileged user can do. In other words, we are making it harder for an attacker to break in, providing fewer opportunities to break in, and reducing the amount of information an attacker can get by breaking in.
I really do hope you’re not serious here, Mozilla.
When there are security holes lying around for months and someone leaks the particular bug reports, the problem is not that someone got access to your bug tracker, the problem is that there are old unfixed security holes. Just because no one can see them does not make them less important. Can’t be so hard, given that you were able to fix them when you saw the first exploits.
Please don’t try to fool us.