Mozilla announced this week that all developers of Firefox add-ons must enable a two-factor authentication (2FA) solution for their account. From a report: “Starting in early 2020, extension developers will be required to have 2FA enabled on AMO [the Mozilla Add-Ons portal],” said Caitlin Neiman, Add-ons Community Manager at Mozilla. “This is intended to help prevent malicious actors from taking control of legitimate add-ons and their users,” Neiman added. When this happens, hackers can use the developers’ compromised accounts to ship tainted add-on updates to Firefox users. Since Firefox add-ons have a pretty privileged position inside the browser, an attacker can use a compromised add-on to steal passwords, authentication/session cookies, spy on a user’s browsing habits, or redirect users to phishing pages or malware download sites. These types of incidents are usually referred to as supply-chain attacks.
Read more of this story at Slashdot.
Source:
https://it.slashdot.org/story/19/12/13/152239/mozilla-to-force-all-add-on-devs-to-use-2fa-to-prevent-supply-chain-attacks?utm_source=rss1.0mainlinkanon&utm_medium=feed