Linux-Noob Forums
firefox doh! - Printable Version

+- Linux-Noob Forums (
+-- Forum: Linux Server Administration (
+--- Forum: Security and Firewalls (
+--- Thread: firefox doh! (/thread-2392.html)

firefox doh! - anyweb - 2005-10-04

The Spread Firefox Team became aware this week that the server hosting

Spread Firefox, our community marketing site, has been accessed by

unknown remote attackers who attempted to exploit a security

vulnerability in TWiki software installed on the server. The TWiki

software was disabled as soon as we were aware of the attempts to access This exploit was limited to and

did not affect web sites or Mozilla software.


We have scanned Spread Firefox servers and at this time do not believe

any sensitive data was taken, but as a precautionary measure we have

shutdown the site and will be rebuilding the web site from scratch. We

also recommend that you change your Spread Firefox password and the

password of any accounts where you use the same password as your Spread

Firefox account. We will notify you again when the site is back up with

instructions on how to change your password. (Note: We do use MD5

hashing on the passwords, but MD5 cannot protect all passwords against

off-line dictionary style attacks.)


After Spread Firefox was compromised in July, we instituted procedures

to ensure that we apply all security fixes to the software running the

site (Drupal and PHP) as soon as they become available. Unfortunately,

those procedures overlooked the installation of the TWiki software since

it is not used by the main Spread Firefox site. When the system is

rebuilt, all the software will be audited to ensure that security

updates will be applied in a timely manner. We deeply regret this

incident and any inconvenience this may have caused you. Sincerely,


Spread Firefox Team

Mozilla Foundation

firefox doh! - znx - 2005-11-05

upfront with the mistake at least.. oh well.. pobodies nerfect