Mozilla yesterday revealed that it had removed an add-on called 'Mozilla Sniffer' which was uploaded to addons.mozilla.org on June 6. Mozilla Sniffer contained code that intercepted login data submitted to any website, and sent this data to a remote location. The site is currently down so Mozilla says it has no way of knowing if the application is still collecting information, however, they disabled it and placed it on the blocklist once it was discovered on July 12.
Mozilla says the add-on was downloaded about 1,800 times in the time that it was available and currently has 334 active users. However, because the add-on has been put on the blocklist, these users should receive an uninstall notification within the next 24 – 48 hours.
Though a proof of vulnerability was posted online, Mozilla says no known exploits have been reported. CoolPreview v3.0.1 (as well as older versions) has been disabled and a newer version is now available for download. Currently, 177,000 users have a vulnerable version of CoolPreview installed, which accounts for less than 25 percent of the install base.