Explore the latest news and trends  

Sign up for our weekly security newsletter


Be the first to receive important updates on security





Send

Mozilla Add-on Extension Steals Login Details

Mozilla has ceased a Firefox extension from its add-on repository for last one month after the revelation that it stole user's login details. A legitimate extension also added to the blacklist owing to a vulnerability that helped in the execution of malicious code remotely.

This extension referred as 'Mozilla Sniffer' that transmits submitted information to a remote location. Therefore, it is a password stealer program that transmits information from the user's computer.

The extension was posted on the AMO website (addons.mozilla.org) on June 6, 2010 and involved in the stealing of login details for any website and transmitted the information to a third party server.

Mozilla said that after the discovery of malicious extension on July 12, 2010, the add-on was deactivated and added to the blacklist. The objective of adding the extension to the blacklist was to inform users about uninstalling it, as reported by SOFTPEDIA on July 14, 2010.

The security researchers said that the add-on was going through the testing phase and all the users who had installed it should have received a warning - "IT IS UNREVIEWED." Unreviewed add-ons were scanned to detect viruses, malware, trojans and other kinds of malicious codes, but only few codes could be identified during review process, said Mozilla, as reported by cnet news on July 14, 2010.

Although the add-on was under the testing phase, it had been downloaded 1800 times. Moreover, the website where stolen details kept is currently offline. All the users who had downloaded the add-on were advised the experts to change their passwords immediately.

Mozilla also disclosed another vulnerable add-on, known as CoolPreviews, which might expose users to hackers.

This vulnerability could be exploited with the help of specifically designed hyperlink. If the user runs his mouse on the hyperlink, a remote JavaScript code is downloaded with local chrome privileges. This script helps in taking control over the compromised computer.

Besides, this is not the first time when Mozilla add-on has been attacked. In the past, two Firefox add-ons were missed by the company's security check and corrupted around approximately 4,600 Windows computers, as reported by ZDNet on February 5, 2010.

Related article: Mozilla Rules Out Bug in Its Firefox

» SPAMfighter News - 7/27/2010

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page
Next