In a recent BugTraq entry, a new attack vector was described: a malicious Firefox extension.
Firefox is gaining popularity as an alternative to the bug- and malware-prone Internet Explorer. It offers tabbed browsing and is customizable through themes and extensions. The catch is that extensions are executable code that runs with the full privileges of the browser. So an attacker can write an innocuous-looking extension, entice users to download and install it, and Voila!
In the posted description, an HTML form sniffer extension was created. To quote:
FFsniFF is a simple Firefox extension, which transforms your browser into an HTML form sniffer. Every time the user clicks on the ‘Submit’ button, FFsniFF will try to find a non-blank password field in the form. If it’s found, the entire form (also with URL) is sent to the specified e-mail address.
Scary? Not really. The solution is simple: only download and install extensions from the official Firefox themes and extensions site, and treat anything installed from elsewhere as untrusted code running inside your browser.
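The advice above is a policy; a practical check is to audit what is already installed. The script below is an example added to this post, not code from it or from the extension's author. It reads a Firefox profile's extensions.json (an artefact of current Firefox versions, not the 2005 browser discussed above) and flags every extension whose recorded install source is not the official add-ons site, was fetched over plain HTTP, or is not signed by Mozilla. The field names it reads (addons, id, type, sourceURI, signedState, defaultLocale.name) and the meaning of signedState 2 are assumptions about that file format; the host list and the sample profile data are constructed for this example.

```python
"""Audit which installed Firefox extensions came from the official add-ons site.

Added example for this post. Reads extensions.json from a profile directory;
field names and the signedState convention are assumptions about the format.
"""
import json
import os
import sys
from urllib.parse import urlparse

# Assumption: official extension downloads are served from this host.
OFFICIAL_HOSTS = {"addons.mozilla.org"}

# Constructed sample profile data: one official extension, one sideloaded
# extension, and a theme entry that the audit should skip. All ids and URLs
# here are made up for the example.
SAMPLE_EXTENSIONS_JSON = json.dumps({
    "schemaVersion": 35,
    "addons": [
        {
            "id": "notes@example.invalid",
            "type": "extension",
            "version": "1.0",
            "sourceURI": "https://addons.mozilla.org/firefox/downloads/file/0/notes.xpi",
            "signedState": 2,
            "defaultLocale": {"name": "Notes"},
        },
        {
            "id": "form-helper@downloads.example.invalid",
            "type": "extension",
            "version": "0.1",
            "sourceURI": "http://downloads.example.invalid/form-helper.xpi",
            "signedState": 0,
            "defaultLocale": {"name": "Form Helper"},
        },
        {
            "id": "default-theme@example.invalid",
            "type": "theme",
            "version": "1.0",
        },
    ],
})


def classify_addon(addon):
    """Return (id, name, source_host, reasons) for one addons[] entry.

    An empty reasons list means the entry passed every check.
    """
    source = addon.get("sourceURI") or ""
    parsed = urlparse(source)
    host = (parsed.hostname or "").lower()
    reasons = []
    if not source:
        reasons.append("no recorded install source")
    elif host not in OFFICIAL_HOSTS:
        reasons.append(f"installed from non-official host {host!r}")
    if parsed.scheme == "http":
        reasons.append("fetched over plain HTTP")
    # Assumption: signedState 2 means the XPI carries a valid Mozilla signature.
    if addon.get("signedState", 0) < 2:
        reasons.append("not signed by Mozilla")
    name = (addon.get("defaultLocale") or {}).get("name") or addon.get("id", "?")
    return addon.get("id", "?"), name, host, reasons


def audit_extensions(extensions_json_text):
    """Classify every entry of type 'extension' (themes and others are skipped)."""
    data = json.loads(extensions_json_text)
    return [classify_addon(a) for a in data.get("addons", [])
            if a.get("type") == "extension"]


def flagged_ids(extensions_json_text):
    """Ids of extensions that failed at least one check."""
    return [aid for aid, _, _, reasons in audit_extensions(extensions_json_text) if reasons]


def audit_profile(profile_dir):
    """Audit a real profile: <profile_dir>/extensions.json."""
    with open(os.path.join(profile_dir, "extensions.json"), encoding="utf-8") as fh:
        return audit_extensions(fh.read())


if __name__ == "__main__":
    # Usage: python audit_extensions.py [profile_dir]; no argument audits the sample.
    results = audit_profile(sys.argv[1]) if len(sys.argv) > 1 else audit_extensions(SAMPLE_EXTENSIONS_JSON)
    for aid, name, host, reasons in results:
        status = "FLAG" if reasons else "ok"
        detail = f": {'; '.join(reasons)}" if reasons else ""
        print(f"[{status}] {name} ({aid}) from {host or '-'}{detail}")
```

Run it against the sample to see the sideloaded entry flagged on all three counts while the official one passes; pass a profile directory to audit a real installation. Provenance is only a proxy: an extension installed from the official site can still misbehave, so a flagged entry is a prompt to inspect, and a clean list is not a guarantee.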