Firefox marketing site hacked
SpreadFirefox.com, the community marketing Web site for the open-source Firefox Web browser, was hacked last week, potentially exposing user data.
Attackers broke into the Web site by exploiting an unpatched security vulnerability in the software that runs SpreadFirefox.com, the Mozilla Foundation said in an email alert to registered users of the site on Thursday. Mozilla coordinates Firefox development and marketing. The authenticity of the email was confirmed on Friday by a Mozilla representative.
The attack actually occurred on Sunday but was not discovered until Tuesday, according to the email alert. SpreadFirefox.com was subsequently taken down for a few days to investigate the attack, according to a notice posted on the site.
The necessary patches have now been applied to the software that runs SpreadFirefox.com, Mozilla said. According to its email, the group has also "reviewed our security plan to determine why we didn't previously apply those fixes in this case, and have modified that plan to ensure we do so in the future." The exploited flaw was a vulnerability in PHP, the language in which Drupal, the content management system that Spread Firefox uses, is written.
Mozilla believes the machine was hacked to use it to send spam, according to the email. However, it is possible that attackers obtained usernames and passwords and any other information people may have provided to the site, such as email and home addresses, birth dates and instant-messaging names, Mozilla said.
The hack is an embarrassment to Mozilla, which uses security as the main selling point for the Firefox Web browser.
SpreadFirefox is the online Firefox marketing hub. Mozilla has successfully used the site to mobilise volunteers to popularise the browser through free marketing techniques such as Web site buttons and by collecting money for an ad in The New York Times.
As a result of the attack, Mozilla is urging the estimated 100,000 SpreadFirefox users to change their passwords. If those people use the same passwords for other Web sites, they should be changed there too, Mozilla advises.