Mozilla announced this week that all developers of Firefox add-ons must enable a two-factor authentication (2FA) solution for their account. From a report: “Starting in early 2020, extension developers will be required to have 2FA enabled on AMO [the Mozilla Add-Ons portal],” said Caitlin Neiman, Add-ons Community Manager at Mozilla. “This is intended to help prevent malicious actors from taking control of legitimate add-ons and their users,” Neiman added. When this happens, hackers can use the developers’ compromised accounts to ship tainted add-on updates to Firefox users. Since Firefox add-ons have a pretty privileged position inside the browser, an attacker can use a compromised add-on to steal passwords, authentication/session cookies, spy on a user’s browsing habits, or redirect users to phishing pages or malware download sites. These types of incidents are usually referred to as supply-chain attacks.

Read more of this story at Slashdot.

Source: Slashdot – Mozilla To Force All Add-on Devs To Use 2FA To Prevent Supply-Chain Attacks