Mozilla blacklists password theft add-on

Summary: Mozilla has yanked a password-stealing browser add-on after the discovery that the add-on contains code that intercepts login data submitted to any website and sends this data to a remote location.

The add-on, called "Mozilla Sniffer," was uploaded to the addons.mozilla.org site on June 6. "Upon discovery on July 12th, the add-on was disabled and added to the blocklist, which will prompt the add-on to be uninstalled for all current users," Mozilla explained.

The intercepted data included user passwords:

If a user installs this add-on and submits a login form with a password field, all form data will be submitted to a remote location. Uninstalling the add-on stops this behavior. Anybody who has installed this add-on should change their passwords as soon as possible.

The open-source group said Mozilla Sniffer had been downloaded approximately 1,800 times and reported 334 active daily users.

All current users of the malicious add-on will receive an uninstall notification.

Mozilla Sniffer was not developed by Mozilla, and it was not reviewed by Mozilla. The add-on was in an experimental state, and all users that installed it should have seen a warning indicating it is unreviewed. Unreviewed add-ons are scanned for known viruses, trojans, and other malware, but some types of malicious behavior can only be detected in a code review.

Mozilla plans to implement a new security model for addons.mozilla.org that will require all add-ons to be code-reviewed before they are available on the site.

Mozilla said a second add-on, called CoolPreviews, contains a vulnerability that exposes users to hacker attack.

[The] vulnerability can be triggered using a specially crafted hyperlink. If the user hovers the cursor over this link, the preview function executes remote JavaScript code with local chrome privileges, giving the attacking script control over the host computer. Version 3.0.1 and all older versions have been disabled on addons.mozilla.org, and a fixed version was uploaded and reviewed within a day of the developer being notified.

"If a user has a vulnerable version installed and clicks on a malicious link that targets the add-on, the code in the malicious link will run with local privileges, potentially gaining access to the file system and allowing code download and execution," the group warned.

About 177,000 users have a vulnerable version of CoolPreviews installed. Mozilla plans to blacklist the vulnerable versions soon.
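Both responses in the article come down to the same mechanism: a blocklist entry that names an add-on and either blocks every version (the sniffer) or every version up to a cutoff (CoolPreviews 3.0.1 and older). The script below is an added example, not Mozilla's code or its blocklist format, showing how such version-range matching is evaluated against a profile's installed add-ons; the add-on ids, versions and the blocklist structure are constructed placeholders.

```python
"""Match installed add-ons against a blocklist with per-add-on version cutoffs.

Added example, not Mozilla's code or blocklist format. Ids and versions are
constructed placeholders chosen to mirror the two cases in the article.
"""
import re

# Constructed blocklist: add-on id -> highest blocked version.
# None means every version is blocked (the sniffer case).
BLOCKLIST = {
    "sniffer@example.invalid": None,          # placeholder id: all versions blocked
    "coolpreviews@example.invalid": "3.0.1",  # placeholder id: 3.0.1 and older blocked
}


def parse_version(v: str) -> tuple:
    """Turn a dotted version such as "3.0.1" or "3.0.1b2" into a comparable tuple.

    Numeric parts compare as integers, and a pre-release tag sorts below the
    plain release of the same number ("3.0.1b2" < "3.0.1"). Assumes this simple
    dotted form; tags are compared as strings.
    """
    parts = []
    for piece in v.split("."):
        m = re.fullmatch(r"(\d+)([A-Za-z]\w*)?", piece)
        if not m:
            raise ValueError(f"unsupported version piece: {piece!r}")
        num, tag = int(m.group(1)), m.group(2)
        # (num, 0, tag) for a pre-release, (num, 1, "") for a release
        parts.append((num, 0, tag) if tag else (num, 1, ""))
    return tuple(parts)


def is_blocked(addon_id: str, version: str) -> bool:
    """True if this add-on/version pair falls inside the blocklist."""
    if addon_id not in BLOCKLIST:
        return False
    max_blocked = BLOCKLIST[addon_id]
    if max_blocked is None:
        return True
    return parse_version(version) <= parse_version(max_blocked)


def blocked_addons(installed: dict) -> list:
    """Given {addon_id: version} for a profile, list the add-ons to disable."""
    return sorted(i for i, v in installed.items() if is_blocked(i, v))


if __name__ == "__main__":
    # Constructed profile: the sniffer, an old CoolPreviews, and an unrelated add-on
    sample = {"sniffer@example.invalid": "0.1",
              "coolpreviews@example.invalid": "3.0.1",
              "other@example.invalid": "1.2"}
    print(blocked_addons(sample))
```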

Talkback

18 comments
  • Nope, sorry, I don't believe you ...

    ... I mean, how can this possibly have happened.

    Everyone knows that all OSS is thoroughly reviewed and vetted by all OSS consumers and contributors and that many eyes ensure that no bugs nor deliberate malware can possibly creep into an OSS source tree, right?

    Right.
    de-void-21165590650301806002836337787023
  • Who were...

    the 1800 people who downloaded it, and who are the 334 people who are using it? Why? Is it masked as doing something else? If I uploaded a plug-in called Mozilla Format-your-system-drive, would I actually get people to download and use it?
    hickum
    • RE: Mozilla blacklists password theft add-on

      @hickum
      No doubt, people are stupid.
      ryanstrassburg
    • RE: Mozilla blacklists password theft add-on

      @hickum
      As the original article explains, the add-on was based on Tamper Data - an extension that allows you to view and manipulate HTTP headers of requests made by webpages. It is pretty popular among web developers and security experts. And - yes, it is a sniffer. So when somebody saw an add-on with the same functionality called Mozilla Sniffer it made sense.
      Wladimir Palant
  • Yet another reason to use Safari

    Once again, the Mozilla Foundation gives Apple users yet another reason to use Safari. The plugin model recently adopted by Apple is completely unbreakable, and would never lead to such information loss.
    Trolleur
    • yeah except

      when you use Safari with your left hand it fails to load webpages..... unless you wear a glove. nice try
      bspurloc
    • What a farce...

      @Trolleur
      Nothing is unbreakable. But we shall see won't we...
      ryanstrassburg
      • Let me know when there's an exploit....

        @ryanstrassburg

        Please let me know when there is any exploit for Safari extensions, and I'll buy you a beer. In fact, let me know when there's an active exploit for any issue in Mac OS X. The fact of the matter here is that OS X is 100% safe and secure, so long as users don't use third-party software like Firefox.
        Trolleur
      • RE: Mozilla blacklists password theft add-on

        @Trolleur - I sincerely hope that your statements were dripping with disdainful sarcasm. If not, you seriously need a checkup from the neck up.
        de-void-21165590650301806002836337787023
  • RE: Mozilla blacklists password theft add-on

    How stupid can people get? Important passwords are memorised or written down & kept in a safe place (safe or where you keep money) NEVER on a computer!
    ronangel
    • RE: Mozilla blacklists password theft add-on

      @ronangel - RIGHT ON ... because, as we all know, writing down your passwords on a piece of paper that you stick to the underside of your keyboard or hide in your wallet is utterly secure and will never be stolen.

      On the other hand, storing your passwords ANYWHERE (either electronically or on paper, etc) in plaintext is just silly.
      de-void-21165590650301806002836337787023