Welcome to WebmasterWorld Guest from 54.159.190.106

Forum Moderators: incrediBILL

Message Too Old, No Replies

Firefox snuffs plug-in

Password pilfering critter nipped in the bud...

   
1:35 am on Jul 16, 2010 (gmt 0)

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



Mozilla has disabled and block-listed a Firefox add-on containing code that nabs login data sent to any website and reroutes it to a remote server.

The add-on known as, um, Mozilla Sniffer was uploaded to the Firefox add-on site on June 6, and the malicious code was discovered on Monday, after which the add-on was block-listed. This means netizens who installed the add-on will be prompted to remove it. Mozilla also says that, yes, anyone who has installed the add-on should change their web passwords tout de suite.

"If a user installs this add-on and submits a login form with a password field, all form data will be submitted to a remote location," Mozilla said in a Tuesday blog post, before adding that the remote server charged with collecting passwords appeared to be down.

According to Mozilla, the Sniffer was downloaded about 1,800 times, and as of Tuesday, there were 334 active users.

[theregister.co.uk...]
2:18 am on Jul 16, 2010 (gmt 0)

WebmasterWorld Senior Member tedster is a WebmasterWorld Top Contributor of All Time 10+ Year Member



the article has a link to a Google Doc that details a proposed security upgrade for the Firefox Add-on review process. I thought the proposal was still surprisingly wimpy. See [docs.google.com...]
10:57 am on Jul 22, 2010 (gmt 0)



Does anyone know if adjusting settings to not remembering history will stop this kind of thing happening or does it work like a separate keylogger.
 

Featured Threads

Hot Threads This Week

Hot Threads This Month