Mozilla Uncovers Password-stealing Add-on, Blacklists It
Article by George Norman
On 15 Jul 2010
All add-ons that are uploaded to the Mozilla Add-ons site are scanned for viruses, Trojans, and other types of malware. Passing the scan does not mean that an add-on is not malicious: there could be security issues that only come to light after the Mozilla add-ons team performs a code review.

That is precisely what happened in the case of an add-on called Mozilla Sniffer. The add-on passed the initial security checks and was posted on the Mozilla Add-ons site. It was then downloaded about 1,800 times and actively used by 334 Firefox users. But when Mozilla took a closer look and performed a code review, it found that the add-on was malicious.

The Mozilla team found that the Mozilla Sniffer add-on contained code that intercepted the user’s login data. When the user visited a site and logged in, the add-on intercepted that data and sent it to a remote location (that is to say, the add-on stole the user’s password). To prevent the add-on from causing harm to Firefox users, Mozilla disabled it and added it to the blacklist. All Firefox users who installed the add-on will receive a prompt to uninstall it.

“Mozilla Sniffer was not developed by Mozilla, and it was not reviewed by Mozilla. The add-on was in an experimental state, and all users that installed it should have seen a warning indicating it is unreviewed. Having unreviewed add-ons exposed to the public, even with low visibility, has been previously identified as an attack vector for hackers. For this reason, we’re already working on implementing a new security model for addons.mozilla.org that will require all add-ons to be code-reviewed before they are discoverable in the site,” explained the Mozilla Add-ons team.



Tags: Mozilla, Add-ons, Firefox
About the author: George Norman
George is a news editor.