08-07-2025
Firefox Users Warned As Credential Theft Hackers Target Browser
Malicious Firefox extensions can steal your passwords.
When someone says your browser security is at risk, or that credential-stealing hackers are targeting your browser, the chances are that your mind will turn to Google Chrome. Not because it is an insecure application, far from it, but rather it's the world's most popular web browser by some margin, so naturally it is the target of most attacks. Cybercriminal hackers, however, like to spread the malicious hate, and users of the privacy-focused Mozilla Firefox can not escape their attention. A new report has uncovered a total of eight malicious Firefox extensions that could steal authentication tokens and even spy on users. Here's what you need to know.
Dangerous Firefox Extensions Uncovered By Socket Threat Research Team
Whatever web browser you use, the universal truth is that someone will be out to get you. When it comes to cybercriminals, a preferred attack route is via a malicious extension or add-on. Which is why all browser vendors, including Mozilla, provide background protections and public support to minimize the risk as much as is humanly and technologically possible. Yet, as the July 4 Socket Threat Research Team report confirmed, attackers continue to target Firefox users.
'While our investigation focuses on Firefox extensions,' Kush Pandya a security engineer and researcher, and part of the Socket Threat Research Team, said, 'these threats span the entire browser ecosystem.' However, the specific Firefox investigation in question disclosed a total of eight extensions that were capable of causing harm, including: redirection to scam sites, user session hijacking to earn commissions on shopping sites, spying using invisible iframe tracking methodology, and, perhaps most seriously of all, authentication theft.
Mitigating The Firefox Extensions Attack Risk
I would advise you to read the full report for all the technical information and details of the extensions themselves. Meanwhile, however, I have been in communication with Mozilla. I can confirm that it is both aware of the threats in question and has taken positive action to protect Firefox users. I was assured that the Firefox add-ons team had reviewed the extensions mentioned in the report, which obviously went against Mozilla's add-on policies. The team found they had affected what it called a very small number of users and that appropriate action, including taking down some of the extensions, had been taken.
'We help users customize their browsing experience by featuring a variety of add-ons, manually reviewed by our Firefox Add-ons team, on our Recommended Extensions page,' a Firefox spokesperson said. To keep users safe, the spokesperson continued, 'we disable extensions that compromise their safety or privacy, or violate our policies, and continuously work to improve our malicious add-on detection tools and processes.'
Mozilla further recommended that Firefox users take additional steps, bearing in mind that such add-ons are usually developed by third parties, to protect themselves from threat actors. These include checking extension reviews and ratings, and keeping your eyes open for any that require excessive permissions that are not consistent with what the extension claims to do. 'If an extension seems like it might be malicious,' the spokesperson said, 'users should report it for review.'
