Mozilla Pulls Password-Stealing Firefox Add-On

Kara Reeder

According to Computerworld, Mozilla has pulled a password-stealing add-on that slipped into Firefox's extension gallery more than a month ago. In a blog post, Mozilla says:

It was discovered that this add-on contains code that intercepts login data submitted to any website, and sends this data to a remote location ... Anybody who has installed this add-on should change their passwords as soon as possible.

The company also warned users of a critical security vulnerability in another add-on, "CoolPreviews." The bug could be used by attackers to hijack a user's computer. Mozilla explains:

The vulnerability can be triggered using a specially crafted hyperlink ... If the user hovers the cursor over this link, the preview function executes remote JavaScript code with local chrome privileges, giving the attacking script control over the host computer.


Add Comment      Leave a comment on this blog post

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


 

Resource centers

Business Intelligence

Business performance information for strategic and operational decision-making

SOA

SOA uses interoperable services grouped around business processes to ease data integration

Data Warehousing

Data warehousing helps companies make sense of their operational data