Amid ongoing news reports about browser vulnerabilities, an alternative browser maker’s promotional Web site fell victim to a hack attack last week.
Mozilla’s SpreadFirefox.com, a community marketing site, was the target of “unknown remote attackers,” according to the site’s manager. SpreadFirefox boasts an estimated 100,000 users whose data may have been exposed during the hack.
SpreadFirefox.com bills itself as the central meeting place for the Firefox open-source marketing effort. The site was launched in September of 2004 to help hype the Firefox 1.0 release.
Site manager Asa Dotzler on Friday posted a message on the site filling in Firefox faithfuls about the unfortunate fiasco. His post said the hack was discovered last Tuesday and the site was taken down for several days to investigate.
“It appears that a part of SpreadFirefox was hacked in an attempt to use it to send out spam,” Dotzler wrote. “It doesn’t look like the attacker accessed any personal data on the site, but to be safe, we’re encouraging all of our users to log in and change their passwords.”
Fixing the Site
Dotzler sent an e-mail to SpreadFirefox.com account holders with instructions on how to change their passwords. The e-mail also assured users that Mozilla has applied security fixes to the software that runs the site.
The organization told its users that it has also reviewed security plans to determine why the necessary security fixes were not already in place. Mozilla has now modified its security processes in an effort to prevent future attacks.
The news comes after Mozilla released 12 patches to address security issues in its Firefox browser last Tuesday.
Jupiter Research analyst Joe Wilcox told LinuxInsider that SpreadFirefox.com certainly isn’t the first browser-related Web site that attackers have targeted — and it won’t be the last.
Indeed, Mozdev.org, the Mozilla development site, was hacked earlier this year. Attackers targeted Mozilla’s bugzilla bug reporting and tracking system in January. And plenty of other high-profile sites have fallen victim in the past.
Analysts said high-profile sites may still be fighting attackers, but consumers may not be privy to the information that could damage an online retailer’s reputation.
“It only takes a misconfigured e-mail server to fall victim to spam,” Wilcox said. “Hackers intending to send spam through another site’s mail servers is an ongoing problem. The difference here is that it just happened to be a high profile site — and one for promoting open-source software.”
Will the attack against SpreadFirefox.com, along with the whopping dozen security fixes issued last week, hurt Mozilla’s reputation for secure browsers? Analysts don’t think the attack has much bearing on the security — or the popularity — of the browsers themselves.
“This is certainly an opportunity for competitors to release some fear and uncertainly and doubt,” Wilcox said. “But I don’t see how this is directly related to the Firefox browser and its security.”