After the proof-of-concept extension for Google Chrome that steals user's login details, it is time for Firefox to feel the heat from something similar.
Mozilla has announced the a malicious add-on, called Mozilla Sniffer has been discovered. The add-on grabs the the login details and sends it to a remote location. Upon discovery, the plugin has already been disabled and added to the blocklist. The add-on has been downloaded around 1,800 times and there are 334 daily active users. This is not the first time that malicious add-ons for Firefox have been discovered.
This is what Mozilla wrote:
An add-on called “Mozilla Sniffer” was uploaded on June 6th to addons.mozilla.org. It was discovered that this add-on contains code that intercepts login data submitted to any website, and sends this data to a remote location. Upon discovery on July 12th, the add-on was disabled and added to the block list, which will prompt the add-on to be uninstalled for all current users.
If you have installed "Mozilla Sniffer" remove it and change your passwords.
To be fair to Mozilla, the add-on was in the experimental section since it has not been reviewed. Users who install add-ons from the experimental section are warned that they have not been reviewed.