Mozilla pulls keylogging Firefox add-on

OPEN SOURCE WEB BROWSER outfit Mozilla has yanked a Firefox add-on due to security concerns.

The Mozilla Sniffer add-on ended up on the Firefox Add-On Gallery, a showcase for applications that extend the functionality of the popular web browser. The application has since been pulled after it was found out that Mozilla Sniffer was in fact, a keystroke logger.

It should be noted that the insecurity lies with the add-on rather than the browser itself, with Mozilla saying "Uninstalling the add-on stops this behaviour." It also recommends that "Anybody who has installed this add-on should change their passwords as soon as possible."

Mozilla confirm that the application had been downloaded over 1,800 times and apparently 334 users actively participated in furnishing the developer with passwords. The software outfit will be sending out notifications to those who are using it warning of the dangers and urging them to ditch the software.

It represents an embarrassment for Mozilla, which is facing increasing competition in the browser market from Google, Apple, Opera and even Microsoft. Mozilla claims that the keylogger add-on was not vetted by its engineers prior to being uploaded to its site.

This sorry episode will, hopefully, jolt the Mozilla project's quality control operation into action as Firefox is built on the premise that it provides a secure alternative to the liability that is Microsoft's Internet Explorer. µ