Mozilla has disabled and block-listed a Firefox add-on containing code that nabs login data sent to any website and reroutes it to a remote server.
The add-on — known as, um, Mozilla Sniffer — was uploaded to the Firefox add-on site on June 6, and the malicious code was discovered on Monday, after which the add-on was block-listed. This means netizens who installed the add-on will be prompted to remove it. Mozilla also says that, yes, anyone who has installed the add-on should change their web passwords tout de suite.
"If a user installs this add-on and submits a login form with a password field, all form data will be submitted to a remote location," Mozilla said in a Tuesday blog post, before adding that the remote server charged with collecting passwords appeared to be down.
According to Mozilla, the Sniffer was downloaded about 1,800 times, and as of Tuesday, there were 334 active users.
The article has a link to a Google Doc that details a proposed security upgrade for the Firefox Add-on review process. I thought the proposal was still surprisingly wimpy. See https://docs.google.com/Doc?docid=0Acwo2Bn17-PrZGZudHRobnJfNzdka3Q2bTdkYw&hl=en