If you use Firefox browser on your device, you need to be aware of an urgent new warning issued by the developer Mozilla. The non-profit has discovered a serious security threat in the browser extensions feature. Mozilla issued an urgent warning on August 1 about cybercriminals targeting the accounts of add-on developers and users through sophisticated phishing emails.

Mozilla hasn't revealed exactly why criminals are going after the people behind add-ons for its popular web browser, which is used by some 142 million people worldwide, although it's likely that crooks want access to trusted developer accounts to introduce malware, steal customer data, or other nefarious activity to earn some money.

The threat affects the Add-ons Mozilla Organisation platform, known as AMO, which hosts more than 60,000 browser extensions and over 500,000 themes used by millions of Firefox users worldwide.

While it's not as popular as Google Chrome, or Safari — developed by Apple, Mozilla's Firefox is a free web browser that lets people access and browse the web. It describes itself as: "Go online with fewer distractions, noise and stress. Think of us as a breath of fresh air."

MOZILLA

Developers who work on add-ons and extensions for Firefox are being targetted with phishing emails, Mozilla has warned.

These fraudulent messages claim your Mozilla Add-ons account needs updating to maintain access to developer features. The attackers are impersonating Mozilla's official communications, attempting to steal login credentials from developers and users of extensions you might use daily.

The common types of fake extensions detected include:

So, how do you protect yourself?

Your email provider already does some of the heavy lifting with the use of technical checks. Genuine Mozilla communications pass these email checks put in place, whereas phishing emails fail these security standards:

If the fraudulent email still somehow makes it through these initial checks, avoid clicking any embedded links. Instead, navigate directly to mozilla.org or firefox.com by typing the address into your browser. Only enter your Mozilla credentials on these official websites, never through email links.

MOZILLA

The phishing campaign has already tricked users. One developer reported falling for the scam before recognising the deception and removing their extension from the platform.

Your browser extensions could become vehicles for malware if attackers gain control of developer accounts. Cybercriminals use these supply chain attacks to inject malicious code into trusted extensions, potentially accessing your banking details, social media accounts, cryptocurrency wallets, passwords, and browsing data.

The scale of this threat extends beyond individual users. With AMO serving tens of millions of Firefox users globally, a single compromised developer account could distribute malware to thousands or millions of unsuspecting people through automatic extension updates.

Mozilla advises developers to consult resources from the US Federal Trade Commission and UK National Cyber Security Centre for comprehensive phishing detection guidance. The organisation's security team, led by Scott DeVaney, emphasises implementing strict verification procedures when handling suspicious communications.

This incident follows other recent discoveries of malicious browser extensions across other platforms. Security researchers fromand Edge add-ons that secretly spy on users while appearing legitimate. These extensions tracked browsing activity and communicated with remote servers, highlighting the broader threat landscape facing browser extension users.

Mozilla launched new security features in late May specifically designed to block malicious Firefox extensions that target cryptocurrency wallets, demonstrating ongoing efforts to combat these evolving threats.