Kinda ironic that a security add-on for Firefox contained a backdoor that leaked confidential information to an unknown third party.
However, using the Mozilla Sniffer add-on would have introduced an unexpected vulnerability in any application being tested — whenever a login form was submitted, the add-on secretly sent a copy of the URL, password and other details to an IP address presumably controlled by the malicious author.
The backdoor was uncovered by Mozilla user Johann-Peter Hartmann of SektionEins, who was using the add-on to test the security of a friend's online game.
This was a pretty serious issue. The Mozilla Sniffer add-on overwrote some of the original Tamper Data files and added a new script that injected a new function, which was called whenever a form was submitted by the browser. The function looked for any forms that had non-empty password fields and then used two other functions to send the data to the third party, presumably a fraudster.