Mozilla Foundation overlooked critical patches on its SpreadFirefox site. As a result the site has been temporarily taken offline and site visitors are being redirected to the Firefox site on the main Mozilla Web system.
In an email sent to site subscribers, the Spread Firefox Team said that intruders tried to gain access to the site using vulnerabilities in TWiki, which is used at the site. When the intrusion attempts were noticed the team disabled the TWiki software.
In July the site was compromised and at that time the team said it was a possible attempt to use the site to send spam. As a result of that intrusion the system was completely rebuilt and policies were put in place to better manage security updates for the system software, including Drupal and PHP. However, during that process the team overlooked the fact that TWiki is also used, although in a less prominent way.
Over the past month two vulnerabilies were discovered in TWiki, where one allows remote shell command inject and the other allows remote command execution. Since no policy was in place to keep watch over vulnerabilities in TWiki the site was vulnerable to intrusion.
The team said that they examined the system and did not find any sign that "sensitive data" was taken from the affected system. The team also pointed out that intrusion attempts did not affect the main Mozilla Web site at mozilla.org or Mozilla software. However the SpreadFirefox site does store private information if people opt to provide it, such as real name, street address, birthday, instant messaging address, email address, and Web site address. After the SpreadFirefox site is rebuilt subscribers will be notified so that they can change their passwords.
