Mozilla Removes Malicious Firefox Add-On

Mozilla has removed a malicious, password-stealing Firefox add-on from its servers and added it to its block list.

The add-on, Mozilla Sniffer, had been in Firefox’s library of add-ons since 6 June, and had been downloaded nearly 1,800 times.

“It was discovered that this add-on contains code that intercepts log-in data submitted to any Website, and sends this data to a remote location,” Mozilla stated in a 13 July advisory. “Upon discovery on 12 July, the add-on was disabled and added to the block list, which will prompt the add-on to be uninstalled for all current users.”

As of 13 July, the add-on had 334 active daily users, though it is unknown if data is still being collected since the site the add-on sends data to is down, Mozilla said. The company urged all users to uninstall the add-on and change their passwords as soon as possible.

Malicious Behaviour

“Mozilla Sniffer was not developed by Mozilla, and it was not reviewed by Mozilla,” the company said. “The add-on was in an experimental state, and all users that installed it should have seen a warning indicating it is unreviewed. Unreviewed add-ons are scanned for known viruses, Trojans and other malware, but some types of malicious behavior can only be detected in a code review.”

In addition to Mozilla Sniffer, the company also temporarily pulled a popular add-on called CoolPreviews after a vulnerability was discovered. CoolPreviews, which gets more than 77,000 weekly downloads, allows users to review links and images without leaving their current page or tab by hovering their mouse cursor over a link.

Control Over Computer

CoolPreviews is currently ranked 21st on Mozilla’s list of popular Firefox add-ons. According to Mozilla, a security escalation vulnerability was discovered in Version 3.0.1.

“The vulnerability can be triggered using a specially crafted hyperlink,” Mozilla said. “If the user hovers the cursor over this link, the preview function executes remote JavaScript code with local chrome privileges, giving the attacking script control over the host computer. Version 3.0.1 and all older versions have been disabled on addons.mozilla.org, and a fixed version was uploaded and reviewed within a day of the developer being notified.”

No known exploits of the flaw have been reported, but Mozilla urged all users of CoolPreviews to update to the latest version as soon as possible.

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Share
Published by
Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

3 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

3 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

3 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

4 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

4 days ago