Mozilla has issued an pressing safety warning to Firefox add-on builders following the detection of a complicated phishing marketing campaign focusing on accounts on the Add-ons Mozilla Group (AMO) platform.
The alert, revealed by Scott DeVaney from Mozilla’s Add-ons Group group on August 1, 2025, warns builders to train excessive warning when receiving emails purporting to be from Mozilla or AMO.
Phishing Marketing campaign Particulars
The phishing marketing campaign particularly targets developer accounts on addons.mozilla.org, utilizing misleading emails that declare account updates are required to keep up entry to developer options.
In response to the Mozilla warning, these fraudulent emails sometimes comprise variations of the message stating “Your Mozilla Add-ons account requires an replace to proceed accessing developer options”.
The timing of this warning is especially vital given Mozilla’s rising extension ecosystem.
The Firefox for Android platform alone has expanded from simply over 400 extensions at its December launch to greater than 1,000 extensions in lower than 5 months, demonstrating the fast development and growing worth of the Mozilla add-on developer neighborhood.
Mozilla has offered complete steering to assist builders defend their accounts from these phishing makes an attempt.
The corporate strongly advises builders to keep away from clicking any hyperlinks contained inside suspicious emails and to confirm that communications originate from professional Mozilla-owned domains, together with firefox.com, mozilla.org, mozilla.com, or their subdomains.
Technical verification can also be essential for account safety. Mozilla recommends that builders guarantee emails go customary authentication checks, together with SPF, DKIM, and DMARC verification via their e-mail suppliers.
Moreover, builders ought to validate that any hyperlinks in emails level to official Mozilla domains earlier than accessing them, or ideally navigate instantly to those domains quite than following e-mail hyperlinks.
The warning emphasizes that Mozilla credentials ought to solely be entered on official mozilla.org or firefox.com web sites.
This observe helps stop credential theft, which might compromise not solely particular person developer accounts but additionally the extensions they keep, doubtlessly affecting 1000’s of Firefox customers who depend on these add-ons.
For builders looking for extra details about phishing detection and reporting, Mozilla has referenced useful assets from the U.S. Federal Commerce Fee and the U.Okay. Nationwide Cyber Safety Centre.
These organizations present complete guides on recognizing and avoiding phishing scams, complementing Mozilla’s particular suggestions for add-on builders.
Mozilla has indicated that it’s going to proceed monitoring the scenario and can replace its steering as new info turns into obtainable.
The corporate’s proactive method to warning builders displays the vital significance of sustaining safety throughout the Firefox extension ecosystem, which serves hundreds of thousands of customers worldwide who rely upon these instruments for enhanced shopping performance.
Discover this Information Fascinating! Observe us on Google Information, LinkedIn, and X to Get On the spot Updates!
