Mozilla Pulls Password-Stealing Firefox Add-On
According to Computerworld, Mozilla has pulled a password-stealing add-on that slipped into Firefox's extension gallery more than a month ago. In a blog post, Mozilla says:
It was discovered that this add-on contains code that intercepts login data submitted to any website, and sends this data to a remote location ... Anybody who has installed this add-on should change their passwords as soon as possible.
The company also warned users of a critical security vulnerability in another add-on, "CoolPreviews." The bug could be used by attackers to hijack a user's computer. Mozilla explains:
The vulnerability can be triggered using a specially crafted hyperlink ... If the user hovers the cursor over this link, the preview function executes remote JavaScript code with local chrome privileges, giving the attacking script control over the host computer.
Kara Reeder
Kara joined the IT Business Edge editorial team in February 2007 after working for ProQuest Information and Technology. Kara covers all areas of technology news for ITBE.com.
Subscribe to Our Newsletter
Stay Connected to
Network Security Edge
Copyright © 2010 NarrowCast Group, LLC. All rights reserved.
Comments
Post new comment