You are here: silicon.com > Networks > WebWatch

WebWatch

Firefox community site hacked

Time to change your passwords...

Tags: firefox, mozilla

By Joris Evers

Published: 18 July 2005 08:30 GMT

SpreadFirefox.com, the community marketing website for the open-source Firefox web browser, was hacked last week, potentially exposing user data.

Attackers broke into the website by exploiting an unpatched security vulnerability in the software that runs SpreadFirefox.com, the Mozilla Foundation said in an email alert to registered users of the site on Thursday. Mozilla coordinates Firefox development and marketing. The authenticity of the email was confirmed on Friday by a Mozilla representative.

The attack actually occurred on 10 July but was not discovered until two days later, according to the email alert. The SpreadFirefox.com was subsequently taken down for a few days to investigate the attack, according to a notice posted on the site.

The necessary patches have now been applied to the software that runs SpreadFirefox.com, Mozilla said. According to its email, the group has also "reviewed our security plan to determine why we didn't previously apply those fixes in this case, and have modified that plan to ensure we do so in the future". The exploited flaw was a vulnerability in PHP, the language in which Drupal, the content management system that Spread Firefox uses, is written.

Mozilla believes the machine was hacked to use it to send spam, according to the email. However, it is possible attackers obtained usernames and passwords and any other information people may have provided to the site, such as email and home addresses, birth dates and instant-messaging names, Mozilla said.

The hack is an embarrassment to Mozilla, which uses security as the main selling point for the Firefox browser.

SpreadFirefox is the online Firefox marketing hub. Mozilla has successfully used the site to mobilize volunteers to popularize the browser through free marketing techniques such as website buttons and by collecting money for an ad in The New York Times.

As a result of the attack, Mozilla is urging the estimated 100,000 SpreadFirefox users to change their passwords. If those people use the same passwords for other websites, they should be changed there too, Mozilla advises.

Joris Evers writes for CNET News.com

  1. Zones
  2. Management
  3. Networks
  4. Software
  5. IT Services
  6. Hardware
  1. Verticals
  2. Public Sector
  3. Financial Services
  4. Retail & Leisure
Read and write about internet access at the airports of the world at atlarge.com. Rate airports, and see what others have to say...

Peter Cochrane Peter Cochrane's Blog: How the telcos could save themselves Doomed network operators could thrive with a bit of innovation

Peter Cochrane Peter Cochrane's Blog: Facebook saves teen from prison Another unexpected impact of social networking


  • Jobs
Web Applications Vulnerability Tester

Title: Web Applications Vulnerability Tester / Penetration Tester Salary: market rates but probably 40k to 60k Company: online / ecommerce company ...

Java / WebObjects Developer / Java / WebObjects Programmer - London

Java / WebObjects Developer / Java / WebObjects Programmer - London Location: London Salary: 35,000 - 48,000 Company: People's IT Job type: Permanent ...

Web Developer Co Clare

Keywords:Web developer web designer web Specialist front end intranet job role career Co Clare Shannon Ennis Clare Limerick west coast west-coast ...

Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.





Quick Sitemap Links: