SpreadFirefox.com Hacked Again

    October 5, 2005
    WebProNews Staff

The evangelist site for the Firefox browser has been attacked again and will be offline through October.

MozillaZine reports that an unpatched vulnerability in the TWiki software was exploited by remote attackers. Only Spread Firefox was affected; no other Mozilla sites were impacted by the attack.

Despite new processes being in place after a July attack exploited an unpatched flaw in the Drupal content management system, administrators failed to update the TWiki software. Mozilla says TWiki is not used on the main Spread Firefox site.

The Mozilla Foundation notified its registered users via email about the attack; part of the message appears below:

The TWiki software was disabled as soon as we were aware of the attempts to access SpreadFirefox.com. This exploit was limited to SpreadFirefox.com and did not affect mozilla.org web sites or Mozilla software.

We have scanned Spread Firefox servers and at this time do not believe any sensitive data was taken, but as a precautionary measure we have shutdown the site and will be rebuilding the web site from scratch.

David Utter is a staff writer for WebProNews covering technology and business. Email him here.