Skip to main content

Mozilla Kills Password-stealing Firefox Add-on

Mozilla yesterday revealed that it had removed an add-on called 'Mozilla Sniffer' which was uploaded to on June 6. Mozilla Sniffer contained code that intercepted login data submitted to any website, and sent this data to a remote location. The site is currently down so Mozilla says it has no way of knowing if the application is still collecting information, however, they disabled it and placed it on the blocklist once it was discovered on July 12.

Mozilla says the add-on was downloaded about 1,800 times in the time that it was available and currently has 334 active users. However, because the add-on has been put on the blocklist, these users should receive an uninstall notification within the next 24 – 48 hours.

The Firefox team also removed older versions of another add-on, this one dubbed 'CoolPreview,' citing a serious security vulnerability. The vulnerability can be triggered using a specially crafted hyperlink. If a user hovers the cursor over this link, the preview function executes remote JavaScript code with local chrome privileges, giving the attacking script control over the host computer.

Though a proof of vulnerability was posted online, Mozilla says no known exploits have been reported. CoolPreview v3.0.1 (as well as older versions) has been disabled and a newer version is now available for download. Currently, 177,000 users have a vulnerable version of CoolPreview installed, which accounts for less than 25 percent of the install base.