All add-ons that are submitted to Mozilla, all add-ons that are uploaded to the Mozilla Add-ons site are scanned for viruses, Trojans, and other types of malware. Even if an add-on passes the scan, it doesn’t mean that particular add-on is not malicious. There could be security issues that can only be brought to light after the Mozilla add-ons team performs a code review.

That is precisely what happened in the case of an add-on called Mozilla Sniffer. The add-on passed the initial security checks and was posted on the Mozilla Add-ons site. It was then downloaded about 1,800 times and actively used by 334 Firefox users. But when Mozilla took a closer look at the add-on, when it performed a code review, it noticed that the add-on was malicious.

The Mozilla team uncovered that the Mozilla Sniffer add-on contained code that intercepted the user’s login data. When the user would visit a site and would login, the add-on intercepted that data and sent it to a remote location (this is to say the add-on stole the user’s password). To prevent the add-on from causing harm to Firefox users, Mozilla disabled it and added it to the blacklist. All Firefox users who installed the add-on will receive a prompt to uninstall it.

“Mozilla Sniffer was not developed by Mozilla, and it was not reviewed by Mozilla. The add-on was in an experimental state, and all users that installed it should have seen a warning indicating it is unreviewed. Having unreviewed add-ons exposed to the public, even with low visibility, has been previously identified as an attack vector for hackers. For this reason, we’re already working on implementing a new security model for addons.mozilla.org that will require all add-ons to be code-reviewed before they are discoverable in the site,” explained the Mozilla Add-ons team.