Mozilla, makers of Firefox web browser, has issued a warning to users that the Mozilla Sniffer extension has malicious intents – it steals passwords entered into any sites by users, and relays them to a remove web server.
Mozilla Sniffer was removed from Mozilla addons website Monday. It has also been added to Firefox blocklist, which removes the addon from computers compulsorily. It was submitted to Firefox add-ons site on June 6 (mentioned on Mozilla blog). Mozilla Sniffer has been downloaded 1,800 times in the last five weeks, and had 334 active users when it was dumped.
Standard security advice follows – change your password, ensure that the addon has been removed from your browser.
How the it got through Mozilla’s addon review system puzzled me. All the more reason to use a fresh profile of your browser with no addons when you use it for online banking and similar purposes.
But here’s the reason – Mozilla scans them only for malware, and not a complete code review. Mozilla, for its part, has promised to start code review as part of revamp of its Developer Tools soon.