Mozilla has disabled and block-listed a Firefox add-on containing code that nabs login data sent to any website and reroutes it to a remote server.

The add-on â?? known as, um, Mozilla Sniffer â?? was uploaded to the Firefox add-on site on June 6, and the malicious code was discovered on Monday, after which the add-on was block-listed. This means netizens who installed the add-on will be prompted to remove it. Mozilla also says that, yes, anyone who has installed the add-on should change their web passwords tout de suite.

"If a user installs this add-on and submits a login form with a password field, all form data will be submitted to a remote location," Mozilla said in a Tuesday blog post, before adding that the remote server charged with collecting passwords appeared to be down.
Article source: here.