Mozilla Sniffer Firefox Add-On Steals Passwords - InformationWeek
Commentary
7/16/2010
01:15 PM
Keith Ferrell


Mozilla Sniffer, a little-used Firefox add-on, turns out to be a log-in thief and has been disabled by Mozilla. Additionally, the Firefox maker disabled earlier versions of CoolPreviews, another, more popular add-on that carried vulnerabilities that could enable remote takeovers. Time to take a long look at your company's browser add-ons policy.

A Firefox add-on, Mozilla Sniffer (you'd think the name would have been a warning in itself), has been revealed to be a log-in thief, grabbing Web site log-ins and sending the info to its makers.

The add-on has been disabled by Mozilla, according to a blog post, which recommends that anyone who installed Mozilla Sniffer should immediately change their passwords.

Mozilla reports that the Sniffer add-on was "downloaded approximately 1,800 times since its submission and currently reports 334 active daily users."

Far more popular is the CoolPreviews add-on, version 3.01 of which held a vulnerability that could allow remote takeover of the user's computer. Mozilla disabled CoolPreviews 3.01 (and all earlier versions) and has now posted a version of CoolPreviews with the vulnerability eliminated.

The repaired version can be found at addons.mozilla.org. Mozilla recommends that all CoolPreviews users upgrade to the latest version immediately.

How familiar are you, or your security personnel, with the add-ons your employees have added to their browsers? How confident are you that all of those add-ons have been reviewed for security and approved by the browser's developer?

As Mozilla pointed out in its security blog, unreviewed add-ons have "been previously identified as an attack vector for hackers." That's an understatement, to say the least, which is why it's good to know that Mozilla is reviewing its criteria for posting add-ons to its site. (The Mozilla Sniffer password thief remained on the add-on site for a month before being disabled.)

Might be a good idea for you to review the security policy surrounding which browser add-ons (and for that matter, which browser) your employees can add to your systems.
