Mozilla Sniffer intercepts login data and sends it to a remote server that appeared to be down, according to the blog post.
The software was not developed by Mozilla, nor was it reviewed by the company. Unreviewed add-ons are scanned for viruses, Trojans and other malware, but some malicious activity can only be detected by reviewing the code, Mozilla said.
"We're already working on implementing a new security model for addons.mozilla.org that will require all add-ons to be code-reviewed before they are discoverable in the site," the company said.
Mozilla blocks password-stealing Firefox add-on
Posted on Thursday, July 15 2010 @ 21:35 CEST by Thomas De Maesschalck