Yesterday, Mozilla announced that they pulled two add-ons from the Mozilla Add-ons site. One add-on was not approved but still installed by roughly 1,800 users with 334 users currently reportedly using it. The problem with this add-on, appropriately called Mozilla Sniffer, is that it compromised users security. If somebody with this add-on installed submitted a login form with a password, it would also submit all of that information to a remote location. The Mozilla Sniffer add-on was listed as still being experimental, which means it required somebody to login and review a prompt that warned them that the code had not been reviewed by Mozilla yet.
If you have Mozilla Sniffer installed in your Firefox browser, it is recommended that you immediately uninstall the add-on and change your passwords.
CoolPreviews was the second add-on that was removed yesterday. It had been approved and is actually quite popular at the 21st most downloaded add-on. A security vulnerability allows remote execution of Javascript on a malicious page. A new version was uploaded and reviewed within a day of notification. It’s recommended that all users using CoolPreviews update to the latest version.
(via Computerworld)