Browser extensions may seem innocuous from a security standpoint to most internet surfers, but as with any chunk of code it is a mistake to presume their harmlessness. It is a lesson that probably most of the people, who downloaded a Firefox add-on called Mozilla Sniffer, have learnt by now.
The add-on was disabled and added to the block list on July 12 by Mozilla, after it was found stealing passwords. Ironically, Mozilla Sniffer was itself advertised as a security add-on . That said, the add-on totally lived up to its name.
“Mozilla Sniffer has been downloaded approximately 1,800 times since its submission and currently reports 334 active daily users. All current users should receive an uninstall notification within a day or so,” Mozilla said in a statement on its blog . “The site this add-on sends data to seems to be down at the moment, so it is unknown if data is still being collected.”
Mozilla has also disabled another add-on, CoolPreviews, after a security escalation vulnerability was discovered in version 3.0.1. All previous versions of the add-on have been disabled along with the flawed version. However, a fixed version “was uploaded and reviewed within a day of the developer being notified.”
Image Credit: NetCraft