Mozilla’s SpreadFirefox.com community marketing site became an unwitting spam platform after it was hit by “unknown remote attackers,” the site’s managers said.
According to an e-mail sent from the SpreadFirefox.com site to users today, the attack was discovered only on Tuesday. The exploit did not affect any other Mozilla sites or software and was limited only to the SpreadFirefox.com site according to the email.
“We don’t have any evidence that the attackers obtained personal
information about site users, and we believe they accessed the machine to use it to send spam,” the e’mail states.” However, it is possible that the attackers acquired information site users provided to the site.”
Mozilla took the site down for a few days in order to
investigate the attack, according to a post on SpreadFirefox.com by Mozilla staffer Asa Dotzler.
“It doesn’t look like the attacker accessed any personal data on the site, but to be safe, we’re encouraging all of our users to log in and change their passwords,” Dotzler wrote.
The SpreadFirefox.com community marketing website was launched in September of 2004 as part of the open source Mozilla Foundation’s efforts surrounding the launch of the Firefox 1.0 release.
Mozilla’s e-mail to SpreadFirefox.com users indicated that Mozilla has now applied security fixes to the software the runs the site. Mozilla also reviewed its security plans to find out why the necessary security fixes were not previously applied and has now modified its security plans to help prevent any further such incident.
The SpreadFireFox.com site is not the first Mozilla related site to be hacked this year. In January, the Mozdev.org Mozilla development site had its bugzilla bug reporting and tracking system attacked.
Mozilla flagship Firefox browser was recently patched to fix no fewer than 12 security issues.