homepage Welcome to WebmasterWorld Guest from 50.17.79.35
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Browsers / Firefox Browser Usage and Support
Forum Library, Charter, Moderators: incrediBILL

Firefox Browser Usage and Support Forum

    
Firefox snuffs plug-in
Password pilfering critter nipped in the bud...
tangor




msg:4171201
 1:35 am on Jul 16, 2010 (gmt 0)

Mozilla has disabled and block-listed a Firefox add-on containing code that nabs login data sent to any website and reroutes it to a remote server.

The add-on known as, um, Mozilla Sniffer was uploaded to the Firefox add-on site on June 6, and the malicious code was discovered on Monday, after which the add-on was block-listed. This means netizens who installed the add-on will be prompted to remove it. Mozilla also says that, yes, anyone who has installed the add-on should change their web passwords tout de suite.

"If a user installs this add-on and submits a login form with a password field, all form data will be submitted to a remote location," Mozilla said in a Tuesday blog post, before adding that the remote server charged with collecting passwords appeared to be down.

According to Mozilla, the Sniffer was downloaded about 1,800 times, and as of Tuesday, there were 334 active users.

[theregister.co.uk...]

 

tedster




msg:4171218
 2:18 am on Jul 16, 2010 (gmt 0)

the article has a link to a Google Doc that details a proposed security upgrade for the Firefox Add-on review process. I thought the proposal was still surprisingly wimpy. See https://docs.google.com/Doc?docid=0Acwo2Bn17-PrZGZudHRobnJfNzdka3Q2bTdkYw&hl=en

bookkeeper




msg:4174619
 10:57 am on Jul 22, 2010 (gmt 0)

Does anyone know if adjusting settings to not remembering history will stop this kind of thing happening or does it work like a separate keylogger.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Browsers / Firefox Browser Usage and Support
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved