Thursday, July 15, 2010

Mozilla pulls add-on that could steal logon passwords

In an article by Brian Prince, Eweek reports that Mozilla had to pull a Firefox add-on for stealing passwords, called Mozilla Sniffer, which had been loaded about 1800 times since June 6. It also pulled an add-on called CoolPreviews.

Sniffer could detect Mozilla logon’s to any website and send them to a remote location, possibly for use in manipulating financial accounts, identity theft, or spoofing.

Add-ons are analyzed for known viruses, but some kinds of malicious code can be detected only by reviewing code, which is more likely to happen in the user community.

Mozilla users are advised to check their add-on lists and make sure they did not use add-ons that have been removed, possibly compromising passwords or other security concerns.

The story would seem to contradict conventional wisdom that Mozilla is always safer than IE. Microsoft has been saying that IE8 (under Windows 7) is three times safer than any competitor.

The link is here and was included in Webroot tweet today.

1 comment:

Anonymous said...

Hey nice work u do i like it .....thanks for sharing
Internet Safety for Kids