Thursday, July 15, 2010
Mozilla pulls add-on that could steal logon passwords
Sniffer could detect Mozilla logon’s to any website and send them to a remote location, possibly for use in manipulating financial accounts, identity theft, or spoofing.
Add-ons are analyzed for known viruses, but some kinds of malicious code can be detected only by reviewing code, which is more likely to happen in the user community.
Mozilla users are advised to check their add-on lists and make sure they did not use add-ons that have been removed, possibly compromising passwords or other security concerns.
The story would seem to contradict conventional wisdom that Mozilla is always safer than IE. Microsoft has been saying that IE8 (under Windows 7) is three times safer than any competitor.
The link is here and was included in Webroot tweet today.