Mozilla snuffs password pilfering Firefox add-on
Mozilla has disabled and block-listed a Firefox add-on containing code that nabs login data sent to any website and reroutes it to a remote server. The add-on — known as, um, Mozilla Sniffer — was uploaded to the Firefox add-on site on June 6, and the malicious code was discovered on Monday, after which the add-on was block- …
The Good thing about Fire Fox is it's Addons...... The bad thing about Fire Fox is it's Addons.
Complaints about F/Fox speed may have something to do with add-on addicts. If you add loads of 'helpers' then they need to load up too. Similar to iPhone users who are app-grabbers and don't use most of them.
(see also under windows start-up)
What exactly did it purport to be it's intended purpose then?
1800 downloads? What was written on the tin to attract those downloads?
If it was called "Sniffer" it was apparently doing exactly that.
For Firefix owners to realise that add-ons are a REALLY bad idea. Quite alot, as they are still convinced that Firefix is a great browser...
Not really, providing a bare-bones browser and augmenting it with different features as required on a per user basis sounds great in principle. Sadly Firefox has strayed rather far from this.
I don't think there's any such thing as a "great" browser (at the moment) ... they all exist with varying degrees of tolerability. Extensible browsers such as Firefox rank a little higher due to the wide range of customisation options available, but suffer the downside of badly written and/or malicious add-ons.
To my mind, Firefox would be far improved by returning to its simplistic roots, spinning out much of the bloat to optional, Mozilla sanctioned add-ons. A small subset of the most popular/beneficial 3rd party add-ons could also be brought into the fold with development overseen by Mozilla such that high standards are maintained.
Add to that a decent system for vetting other add-ons for malciousness allowing publication on the site, anything else can be manually installed by the brave from off-site locations.
Lofty ideals; do I think it'll happen? Nah.
All of which are useful to me, and none of which slow the browser down any. Add-ons are not a bad idea, any more than high-calorie foods are a bad idea, you just don't want to constantly have more and more of them for no good reason
... why does EVERY other major browser maker do it? Even Chrome.
They might not implement add-ons in the same way but they all have them - so it's the implementation that's flawed rather than the idea ... and oh, what is it that Mozilla are rectifying? Oh, yes, the implementation.
Sheesh.
...that
a) 1800 cleaver people thought they woudl download this and check out that it was safe.
b) 1800 dumbasses download any old shit.
I'd like to belive it was "a"..I really would....but decades experience tells me otherwise.
The quality of the description might have given a clue:
"View and modify HTTP/HTTPS headers it's base on tamper data but many problems have been solved in this version .
in tamper data u may get empty page and don't get any informations in the addon
this problem have been solved
if you have any advices please tell me,
John"
"block-listed"????????
Who can tell?
Maybe it's like Johnny the painter?
Black listed. black! Blaaaaaaackkkkk BLLAAAAAACCCKKK!
Therefore block-listed
Paranoid much?
http://news.netcraft.com/archives/2010/07/15/firefox-security-test-add-on-was-backdoored.html
Sign up, sign up for The Register's weekly IT security newsletter - click here
