On Sun, 14 Feb 2010 02:27:11 -0800 (PST) Jake Metherell <[email protected]> wrote:
> I noticed (via monitoring with FireBug) that a fairly popular add-on > (S3Fox) is making dozens of http requests that appear to have nothing > to do with the add-on's normal function. It could be attempting to > harvest information/passwords etc. from the user, but I'm not sure and > it might just be a bug. > > Obviously, I could report the issue to the creator of the add-on, but > that might not be the best place if it is doing bad things. https://addons.mozilla.org/en-US/developers/docs/policies/contact#section-security "Add-on Security Vulnerabilities If you have discovered a security vulnerability in an add-on, even if it is not hosted here, Mozilla is very interested in your discovery and will work with the add-on developer to correct the issue as soon as possible. Add-on security issues can be reported confidentially in Bugzilla or by emailing [email protected]." ~reed -- Reed Loden - <[email protected]> _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
