Mozilla is dealing with another case of a malicious plug-in for its Firefox web browser, and as a result, is considering changes to its code review process.

The company last week removed the "Mozilla Sniffer" add-on from its archive and added it to what it terms a "blocklist", according to a vulnerability announcement. Mozilla learned that the plug-in contains code that hijacks login details, such as username and password, submitted to any website.

By Mozilla adding the malicious plug-in to its blacklist, users who have installed the program will receive a prompt suggesting they uninstall it. According to the browser maker, the add-on has been downloaded about 1,800 times since it was uploaded to the library on June 6.

The add-on was not created by Mozilla and therefore was in an experimental state, meaning any user who downloaded it would have seen a warning that it was unreviewed for code vulnerabilities, the company said. The plug-in, however, was checked for malware, such as viruses and trojans. It was finally checked for code flaws on July 12, when the discovery was made that it was confiscating login data from its users.

"Having unreviewed add-ons exposed to the public, even with low visibility, has been previously identified as an attack vector for hackers," the advisory said. "For this reason, we're already working on implementing a new security model for addons.mozilla.org that will require all add-ons to be code-reviewed before they are discoverable in the site."

Mozilla grappled with a similar situation earlier this year, when it warned that two experimental plug-ins for Firefox contained a trojan. Shortly after, however, Mozilla recanted its claim and said only one of the add-ons, known as Master Filer, actually contained malware.

See original article on scmagazineus.com