If you use Firefox browser on your device, you need to be aware of an urgent new warning issued by the developer Mozilla. The non-profit has discovered a serious security threat in the browser extensions feature. Mozilla issued an urgent warning on August 1 about cybercriminals targeting the accounts of add-on developers and users through sophisticated phishing emails.
Mozilla hasn't revealed exactly why criminals are going after the people behind add-ons for its popular web browser, which is used by some 142 million people worldwide, although it's likely that crooks want access to trusted developer accounts to introduce malware, steal customer data, or other nefarious activity to earn some money.
The threat affects the Add-ons Mozilla Organisation platform, known as AMO, which hosts more than 60,000 browser extensions and over 500,000 themes used by millions of Firefox users worldwide.
**ARE YOU READING THIS ON OUR APP? DOWNLOAD NOW FOR THE BEST GB NEWS EXPERIENCE**
While it's not as popular as Google Chrome, or Safari — developed by Apple, Mozilla's Firefox is a free web browser that lets people access and browse the web. It describes itself as: "Go online with fewer distractions, noise and stress. Think of us as a breath of fresh air."
Developers work on extensions and add-ons for the Firefox web browser, which are available to download to unlock extra functionality
|MOZILLA
Developers who work on add-ons and extensions for Firefox are being targetted with phishing emails, Mozilla has warned.
These fraudulent messages claim your Mozilla Add-ons account needs updating to maintain access to developer features. The attackers are impersonating Mozilla's official communications, attempting to steal login credentials from developers and users of extensions you might use daily.
The common types of fake extensions detected include:
- Gaming extensions
- Wallet add-ons
- Ad blockers
- Online session managers
You can spot these phishing attempts through several telltale signs. For instance, the fraudulent emails contain spelling errors, such as "mozila" instead of "mozilla" in the sender's domain name. When you receive suspicious messages, check whether they originate from legitimate Mozilla domains: firefox.com, mozilla.org, mozilla.com, or their subdomains.
So, how do you protect yourself?
Your email provider already does some of the heavy lifting with the use of technical checks. Genuine Mozilla communications pass these email checks put in place, whereas phishing emails fail these security standards:
- Sender Policy Framework (SPF) uses a set of records to specify which mail servers are authorised to send emails on behalf of a domain. When an email is received, the server checks if the sending IP address is listed in the domain's SPF record. If not, the email may be marked as spam or rejected.
- DomainKeys Identified Mail (DKIM) adds digital signatures to email headers and then uses them to verify the source.
- Domain-based Message Authentication, Reporting and Conformance (DMARC) builds upon the actions of SPF and DKIM, and tells your email provider what to do if they fail the SPF or DKIM checks, such as filing them away in your spam or junk folder
If the fraudulent email still somehow makes it through these initial checks, avoid clicking any embedded links. Instead, navigate directly to mozilla.org or firefox.com by typing the address into your browser. Only enter your Mozilla credentials on these official websites, never through email links.
Firefox is used by 142 million users worldwide
|MOZILLA
The phishing campaign has already tricked users. One developer reported falling for the scam before recognising the deception and removing their extension from the platform.
Your browser extensions could become vehicles for malware if attackers gain control of developer accounts. Cybercriminals use these supply chain attacks to inject malicious code into trusted extensions, potentially accessing your banking details, social media accounts, cryptocurrency wallets, passwords, and browsing data.
The scale of this threat extends beyond individual users. With AMO serving tens of millions of Firefox users globally, a single compromised developer account could distribute malware to thousands or millions of unsuspecting people through automatic extension updates.
LATEST DEVELOPMENTS
Mozilla advises developers to consult resources from the US Federal Trade Commission and UK National Cyber Security Centre for comprehensive phishing detection guidance. The organisation's security team, led by Scott DeVaney, emphasises implementing strict verification procedures when handling suspicious communications.
This incident follows other recent discoveries of malicious browser extensions across other platforms. Security researchers from Koi Security uncovered Chrome and Edge add-ons that secretly spy on users while appearing legitimate. These extensions tracked browsing activity and communicated with remote servers, highlighting the broader threat landscape facing browser extension users.
Mozilla launched new security features in late May specifically designed to block malicious Firefox extensions that target cryptocurrency wallets, demonstrating ongoing efforts to combat these evolving threats.
More From GB News