July 15th, 2005, 07:45 PM
Firefox marketing site hacked
Firefox marketing site hacked
SpreadFirefox.com, the community marketing Web site for the open-source Firefox Web browser, was hacked earlier this week, potentially exposing user data.
Attackers broke into the Web site by exploiting an unpatched security vulnerability in the software that runs SpreadFirefox.com, the Mozilla Foundation said in an e-mail alert to registered users of the site late Thursday. Mozilla coordinates Firefox development and marketing. The authenticity of the e-mail was confirmed Friday by a Mozilla representative.
The attack actually occurred on Sunday but was not discovered until Tuesday, according to the e-mail alert. The SpreadFirefox.com was subsequently taken down for a few days to investigate the attack, according to a notice posted on the site.
The necessary patches have now been applied to the software that runs SpreadFirefox.com, Mozilla said. According to its e-mail, the group has also "reviewed our security plan to determine why we didn't previously apply those fixes in this case, and have modified that plan to ensure we do so in the future." The exploited flaw was a vulnerability in PHP, the language in which Drupal, the content management system that Spread Firefox uses, is written.
Mozilla believes the machine was hacked to use it to send spam, according to the e-mail. However, it is possible that attackers obtained usernames and passwords and any other information people may have provided to the site, such as e-mail and home addresses, birth dates and instant-messaging names, Mozilla said.
The hack is an embarrassment to Mozilla, which uses security as the main selling point for the Firefox Web browser.
read the rest at:
July 15th, 2005, 07:52 PM
Here's the full email from SpreadFirefox.com:
On Tuesday, July 12, the Mozilla Foundation discovered that the server hosting Spread Firefox, our community marketing site, had been accessed on Sunday, July 10 by unknown remote attackers who exploited a security vulnerability in the software running the site. This exploit was limited to SpreadFirefox.com and did not affect other mozilla.org web sites or Mozilla software.
We don't have any evidence that the attackers obtained personal information about site users, and we believe they accessed the machine to use it to send spam. However, it is possible that the attackers acquired information site users provided to the site.
As a Spread Firefox user, you have provided us with a username and password. You may also have provided us with other information, including a real name, a URL, an email address, IM names, a street address, a birthday, and private messages to other users.
We recommend that you change your Spread Firefox password and the password of any accounts where you use the same password as your Spread Firefox account. To change your Spread Firefox password, go to SpreadFirefox.com, log in with your current password, select "My Account" from the sidebar, select "Edit Account" from the sidebar, then enter your new password into the Password fields and press the "Save user information" button at the bottom of the page.
The Mozilla Foundation deeply regrets this incident and is taking steps to prevent it from happening again. We have applied the necessary security fixes to the software running the site, have reviewed our security plan to determine why we didn't previously apply those fixes in this case, and have modified that plan to ensure we do so in the future.
The Mozilla Foundation