Mozilla Sniffer, a little-used and now disabled Firefox add-on, turns out be a log-in thief and has been disabled by Mozilla. Additionally the Firefox-maker disabled earlier versions of CoolPreviews, another, more popular add-on which carried vulnerabilities that could enable remote takeovers. Time to take a long look at your company's browser add-ons policy.
Mozilla Sniffer, a little-used and now disabled Firefox add-on, turns out be a log-in thief and has been disabled by Mozilla. Additionally the Firefox-maker disabled earlier versions of CoolPreviews, another, more popular add-on which carried vulnerabilities that could enable remote takeovers. Time to take a long look at your company's browser add-ons policy.A Firefox add-on, Mozilla Sniffer (you'd think the name would have been a warning in itself) has been revealed to be a log-in thief, grabbing Web site log-ins and sending the info to its makers.
Mozilla reports that the Sniffer add-on was "downloaded approximately 1,800 times since its submission and currently reports 334 active daily users."
Far more popular is the CoolPreviews add-on, version 3.01 of which held a vulnerability that could alow re4mote takeover of the user's computer. Mozilla disabled CoolPreviews 3.01 (and all earlier versions) and now has posted a version of CoolPreviews that has had the vulnerability eliminated.
The repaired version can be found at addons.mozilla.org Mozilla recommends that all CoolPreviews users upgrade to the latest version immediately.
How familiar are you, or your security personnel, with the add-ons your employees have added to their browsers? How confident are you that all of those add-ons have been reviewed for security and approved by the browser's developer?
As Mozilla pointed out in its security blog, unreviewed add-ons have "been previously identified as an attack vector for hackers." That's an understatement, to say the least, which is why it's good to know that Mozilla is reviewing its criteria for posting add-ons to its site. (The Mozilla Sniffer password thief remained on the add-on site for a month before being disabled.)
Might be a good idea for you to review the security policy surrounding which browser add-ons (and for that matter, which browser) your employees can add to your systems.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.