Mozilla Sniffer Add-on Blocklisted for Security Purposes

Mozilla has blocklisted a malicious plugin that has been submitted on their official website as an add-on since 6th of June, the add-on named Mozilla Sniffer and contains a serious security vulnerability.

According to a blog post the plugin includes a code that intercepts all login data on any website and sends this credential to a remote location. Mozilla security specialists informed that All current users should receive an uninstall notification and invite all users to remove the plugin and change all web authentication credential they are using.

The Plugin code has not been verified as it has been submitted online directly, it was just checked against malware without reviewing the functionality before make it public. While a new method of work will be considered in the future with a purpose to Review Process & Delightful Add-ons.

On the same post security vulnerability in CoolPreviews version 3.0.1 has been reported. This plugin help users in previewing a link in a website by just putting the cursor on it. The Bug allows an attacker to execute a malicious JavaScript code with local privileges, potentially gaining access to the file system and allowing code download and execution.

Currently, 177,000 users have a vulnerable version installed. All users are invited to update the plugin while the vulnerable versions will be blocklisted soon.

make sure you subscribe to my RSS feed!

Share
Subscribe
Notify of
guest
11 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
trackback

[…] This post was mentioned on Twitter by Jovi Umawing, Lance Miller, Mourad Ben Lakhoua, Mourad ben lakhoua, SecureTechnology and others. SecureTechnology said: #Security #infosec Mozilla Sniffer Add-on Blocklisted for Security Purposes: Mozilla has blocklisted a mal… http://bit.ly/bGD13h […]

trackback

RT @Angelill0: Mozilla sniffer plugin steals user password: http://bit.ly/awCHGe

trackback

RT @Angelill0: Mozilla sniffer plugin steals user password: http://bit.ly/awCHGe

trackback

RT @Angelill0: Mozilla sniffer plugin steals user password: http://bit.ly/awCHGe

trackback

Mozilla sniffer plugin steals user password: http://bit.ly/awCHGe

trackback

RT @MBenLakhoua: #Mozilla Sniffer Add-on Blocklisted for Security Purposes http://bit.ly/cqvunr #security #infosec (via @sectechno)

trackback

RT @MBenLakhoua: #Mozilla Sniffer Add-on Blocklisted for Security Purposes http://bit.ly/cqvunr #security #infosec (via @sectechno)

trackback

#Mozilla Sniffer Add-on Blocklisted for #Security_Purposes: [sectechno.com] has blocklisted a malicious plugin that… http://dlvr.it/2fkgp

trackback

RT @MBenLakhoua: #Mozilla Sniffer Add-on Blocklisted for Security Purposes http://bit.ly/cqvunr #security #infosec (via @sectechno)

trackback

#Mozilla Sniffer Add-on Blocklisted for Security Purposes http://bit.ly/cqvunr #security #infosec (via @sectechno)

trackback

Mozilla Sniffer Add-on Blocklisted for Security
Purposes… http://fb.me/D6mO6960