Mozilla Sniffer Add-on Blocklisted for Security Purposes

Mozilla has blocklisted a malicious plugin that has been submitted on their official website as an add-on since 6th of June, the add-on named Mozilla Sniffer and contains a serious security vulnerability.

According to a blog post the plugin includes a code that intercepts all login data on any website and sends this credential to a remote location. Mozilla security specialists informed that All current users should receive an uninstall notification and invite all users to remove the plugin and change all web authentication credential they are using.

The Plugin code has not been verified as it has been submitted online directly, it was just checked against malware without reviewing the functionality before make it public. While a new method of work will be considered in the future with a purpose to Review Process & Delightful Add-ons.

On the same post security vulnerability in CoolPreviews version 3.0.1 has been reported. This plugin help users in previewing a link in a website by just putting the cursor on it. The Bug allows an attacker to execute a malicious JavaScript code with local privileges, potentially gaining access to the file system and allowing code download and execution.

Currently, 177,000 users have a vulnerable version installed. All users are invited to update the plugin while the vulnerable versions will be blocklisted soon.

make sure you subscribe to my RSS feed!