Password Stealing and Vulnerable Firefox Add-ons

Jul 16, 2010

Mozilla has blocked two Firefox add-ons, one malicious and another with a serious security vulnerability. The malicious add-on is called "Mozilla Sniffer" and it steals passwords from the user's computer. The vulnerable add-on is "CoolPreviews", and its vulnerability could have been used by hackers to hijack computers. For your own safety, uninstall Mozilla Sniffer and get the latest version of the CoolPreviews Firefox add-on.

"Mozilla Sniffer" was uploaded on June 6th to addons.mozilla.org. It was discovered that this add-on contains code that intercepts login data submitted to any website. If a user installs this add-on and submits a login form with a password field, all form data will be submitted to a remote location. Uninstalling the add-on stops this malicious behavior. Upon discovery on July 12th, the add-on was disabled and added to the blocklist, which will prompt the add-on to be uninstalled for all current users. If you used this add-on, you must change your passwords as soon as possible.

CoolPreviews, on the other hand, is a popular Firefox add-on. The vulnerability was discovered in version 3.0.1 of the CoolPreviews add-on and can be triggered using a specially crafted hyperlink. If a user has a vulnerable version installed and clicks on a malicious link that targets the add-on, the code in the malicious link will run with local privileges, potentially gaining access to the file system and allowing code download and execution. Version 3.0.1 and all older versions have been disabled on addons.mozilla.org, and a fixed version was uploaded. Mozilla asks all users of CoolPreviews to get the latest version as soon as possible.
