It was found that malicious code could be inserted in the collection of Mozilla Add- US. Estes Add – ons are basically used to organize accessories for personal and business purposes and can be shared on social networks also.
“Since the Mozilla add-on site has millions of downloads, it is easily possible for the attacker to convince the victim to visit the collection page”, said the expert SecurityWeek.
Users were later exposed to all kinds of virus attacks that could be carried out through XSS flaws and most common attack was the cookie theft.
Sites are usually vulnerable to XSS flaw, add-on collections are very useful for Firefox users, like this, to discover the problem Sr. Javed received $ 2.500 that Mozilla. There were two other bugs discovered on which Mozilla not revealed any information beyond the location.
This is not the first time he had received a heavy amount, Google granted him US $ 3.000 for XSS reflected in the main bar search YouTube Gaming site