Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cybersecurity
    • IT Management

    Mozilla Pulls Firefox Add-on for Stealing Passwords

    By
    Brian Prince
    -
    July 14, 2010
    Share
    Facebook
    Twitter
    Linkedin

      Mozilla has removed a malicious, password-stealing Firefox add-on from its servers and added it to its block list.

      The add-on, Mozilla Sniffer, had been in Firefox’s library of add-ons since June 6, and had been downloaded nearly 1,800 times.

      “It was discovered that this add-on contains code that intercepts log-in data submitted to any Website, and sends this data to a remote location,” Mozilla stated in a July 13 advisory. “Upon discovery on July 12, the add-on was disabled and added to the block list, which will prompt the add-on to be uninstalled for all current users.”

      As of July 13, the add-on had 334 active daily users, though it is unknown if data is still being collected since the site the add-on sends data to is down, Mozilla said. The company urged all users to uninstall the add-on and change their passwords as soon as possible.

      “Mozilla Sniffer was not developed by Mozilla, and it was not reviewed by Mozilla,” the company said. “The add-on was in an experimental state, and all users that installed it should have seen a warning indicating it is unreviewed. Unreviewed add-ons are scanned for known viruses, Trojans and other malware, but some types of malicious behavior can only be detected in a code review.”

      In addition to Mozilla Sniffer, the company also temporarily pulled a popular add-on called CoolPreviews after a vulnerability was discovered. CoolPreviews, which gets more than 77,000 weekly downloads, allows users to review links and images without leaving their current page or tab by hovering their mouse cursor over a link.

      CoolPreviews is currently ranked 21st on Mozilla’s list of popular Firefox add-ons. According to Mozilla, a security escalation vulnerability was discovered in Version 3.0.1.

      “The vulnerability can be triggered using a specially crafted hyperlink,” Mozilla said. “If the user hovers the cursor over this link, the preview function executes remote JavaScript code with local chrome privileges, giving the attacking script control over the host computer. Version 3.0.1 and all older versions have been disabled on addons.mozilla.org, and a fixed version was uploaded and reviewed within a day of the developer being notified.”

      No known exploits of the flaw have been reported, but Mozilla urged all users of CoolPreviews to update to the latest version as soon as possible.

      Avatar
      Brian Prince

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×