Don't Spread Firefox: Hack attack strikes again

Spread Firefox, the marketing website for the open source Firefox web browser, has been hacked again and is expected to be offline until later this month.

The cyber break-in was discovered this week, according to a notice sent on Tuesday by the Spread Firefox team to registered users of the website. The breach was limited to SpreadFirefox.com and did not affect the main Mozilla.org website or Mozilla software, according to the emailed message.

The server that hosts the Spread Firefox website was compromised by attackers who attempted to exploit a security vulnerability in TWiki, according to the notice. TWiki is open source software for the collaborative authoring of online pages called "wikis".

This is the second time the site has been hacked via a flaw in software used to run the website. In July, the marketing site was compromised by attackers who exploited an unpatched security hole in PHP. The Drupal content management system used by the site is written in the PHP scripting language.

After the July attack, Mozilla instituted procedures to ensure it would not overlook any more security fixes. The Spread Firefox team said in its notice: "Unfortunately, those procedures overlooked the installation of the TWiki software, since it is not used by the main Spread Firefox site."

The Firefox marketing website has been taken offline and will be rebuilt from scratch, according to the email. "When the system is rebuilt, all the software will be audited to ensure that security updates will be applied in a timely manner," the team wrote.

The latest attack is not likely to have exposed any user information, according to the email. Still, people should change their password when the site comes back online, the team suggested. Spread Firefox's website should be back online circa 15 October, according to a notice on the site.

The hack is an additional embarrassment to Mozilla, which has emphasised security as a main selling point for its Firefox web browser.

Spread Firefox is the online Firefox marketing hub. Mozilla has successfully used the site to mobilise volunteers to popularise the browser through free marketing techniques such as website buttons and by collecting money for an ad in The New York Times.

Joris Evers writes for CNET News.com