Mozilla Pulls Firefox Add-on for Stealing Passwords
Cybersecurity
SHARE
Facebook X Pinterest WhatsApp

Mozilla Pulls Firefox Add-on for Stealing Passwords

Written By
Brian Prince
Brian Prince
Jul 14, 2010
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Mozilla has removed a malicious, password-stealing Firefox add-on from its servers and added it to its block list.

The add-on, Mozilla Sniffer, had been in Firefox’s library of add-ons since June 6, and had been downloaded nearly 1,800 times.

“It was discovered that this add-on contains code that intercepts log-in data submitted to any Website, and sends this data to a remote location,” Mozilla stated in a July 13 advisory. “Upon discovery on July 12, the add-on was disabled and added to the block list, which will prompt the add-on to be uninstalled for all current users.”

As of July 13, the add-on had 334 active daily users, though it is unknown if data is still being collected since the site the add-on sends data to is down, Mozilla said. The company urged all users to uninstall the add-on and change their passwords as soon as possible.

“Mozilla Sniffer was not developed by Mozilla, and it was not reviewed by Mozilla,” the company said. “The add-on was in an experimental state, and all users that installed it should have seen a warning indicating it is unreviewed. Unreviewed add-ons are scanned for known viruses, Trojans and other malware, but some types of malicious behavior can only be detected in a code review.”

In addition to Mozilla Sniffer, the company also temporarily pulled a popular add-on called CoolPreviews after a vulnerability was discovered. CoolPreviews, which gets more than 77,000 weekly downloads, allows users to review links and images without leaving their current page or tab by hovering their mouse cursor over a link.

CoolPreviews is currently ranked 21st on Mozilla’s list of popular Firefox add-ons. According to Mozilla, a security escalation vulnerability was discovered in Version 3.0.1.

“The vulnerability can be triggered using a specially crafted hyperlink,” Mozilla said. “If the user hovers the cursor over this link, the preview function executes remote JavaScript code with local chrome privileges, giving the attacking script control over the host computer. Version 3.0.1 and all older versions have been disabled on addons.mozilla.org, and a fixed version was uploaded and reviewed within a day of the developer being notified.”

No known exploits of the flaw have been reported, but Mozilla urged all users of CoolPreviews to update to the latest version as soon as possible.
Brian Prince
eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

facebook
linkedin
youtube
rss
x

Company

About us Contact us Advertise with us

Categories

Latest News Resources Artificial Intelligence Video Big Data & Analytics Cloud Networking

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information