Mozilla Issues Urgent Security Warning Over Phishing Campaign Targeting Firefox Add-ons

Mozilla, the non-profit organization behind the Firefox web browser, has issued an urgent warning about a targeted phishing campaign aimed at compromising developer and user accounts associated with its browser extensions platform.
The security alert, released on August 1, 2025, identifies a rise in phishing emails directed at contributors to Firefox add-ons, officially hosted on the Add-ons Mozilla Organization (AMO) platform. These emails are designed to deceive recipients into surrendering login credentials, giving attackers potential access to trusted developer accounts.
According to Mozilla, the goal of these attacks appears to be the infiltration of high-trust accounts to inject malicious code into widely used extensions. Such compromises could enable unauthorized data collection, financial theft, or malware distribution through extensions users already trust and rely on.
Firefox, used by approximately 142 million people globally, supports over 60,000 extensions and 500,000 themes through its AMO platform. The current threat vector exploits this extensive ecosystem, with gaming tools, cryptocurrency wallets, and ad-blocking add-ons being among the primary targets.
In a public statement, Mozilla emphasized the sophistication of the phishing techniques, noting that fraudulent emails mimic official communications. The organization urges developers and users to exercise heightened vigilance.
“We have identified a coordinated phishing campaign targeting Firefox add-on developers,” a Mozilla spokesperson stated. “The attackers are using convincing tactics to obtain credentials, posing serious risks to both developers and the millions of users who install their extensions.”
Mozilla has provided anti-phishing guidelines on its website, encouraging users and developers to verify sender addresses, enable two-factor authentication, and avoid clicking suspicious links. The organization also recommends checking account activity for signs of unauthorized access.
Cybersecurity experts view this development as part of a broader trend of threat actors leveraging trusted software supply chains. Similar incidents have previously impacted platforms like the Chrome Web Store and npm, underlining the vulnerability of open extension ecosystems.
“Browser extensions are an attractive target because they have privileged access and are widely trusted by users,” said Lisa Trent, a cybersecurity analyst at WatchGuard Technologies. “The Firefox case highlights the ongoing need for robust vetting and monitoring procedures across all browser ecosystems.”
Public reaction has been mixed, with some users voicing concerns about the potential for malicious extensions to bypass security checks. Others applauded Mozilla’s transparency and swift response.
As the threat landscape evolves, Mozilla continues to investigate and monitor the situation. Users are advised to update their security settings, review installed extensions, and report any suspicious behavior via official Mozilla channels.
The warning adds to growing industry pressure for tighter controls and standardized security practices in browser extension marketplaces.