The software, called Mozilla Sniffer, had been downloaded about 1,800 times in the approximately five weeks it was available on addons.mozilla.org, Mozilla reported in a blog post on Tuesday.
The blocklist will prompt the add-on to be uninstalled for computers running the program. Users who installed it should change their passwords.
Mozilla Sniffer intercepts login data and sends it to a remote server that appeared to be down, according to the blog post.
The software was not developed by Mozilla, nor was it reviewed by the company. Unreviewed add-ons are scanned for viruses, Trojans and other malware, but some malicious activity can only be detected by reviewing the code, Mozilla said.
“We’re already working on implementing a new security model for addons.mozilla.org that will require all add-ons to be code-reviewed before they are discoverable in the site,” the company said.
Source: CNET News
Now in my own opinion, if this happens to a user of mozilla firefox, he/she didn’t knew what he/she’d installed in his/her firefox…
So, before you install addons in you firefox, you should read the reviews, feedbacks/comments from other users of any addons from mozilla addons site…