Mozilla has issued a warning regarding phishing attacks aimed at the accounts of add-on developers.

Mozilla has issued an urgent security alert to its developer community due to a sophisticated phishing campaign targeting AMO (Addons.Mozilla.Org) accounts. The company’s security team, led by Scott DeVaney, reported on August 1, 2025, that cybercriminals are actively attempting to compromise developer credentials through deceptive emails that claim account updates are necessary to maintain access to developer features. These malicious emails often contain variations of the message, “Your Mozilla Add-ons account requires an update to continue accessing developer features.” Security researchers have identified key indicators to help developers distinguish between legitimate communications and fraudulent ones. Authentic Mozilla emails originate exclusively from verified domains, including Firefox.Com, Mozilla.Org, Mozilla.Com, and their respective subdomains. Legitimate emails also pass essential email authentication protocols, such as SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance) checks.

The phishing campaign exploits developers’ concerns about maintaining access to their publishing privileges on the AMO platform, which serves as the primary distribution channel for Firefox extensions and add-ons. Evidence from affected developers reveals that some phishing emails contain obvious technical flaws, such as misspelled domain names like “Mozila” instead of “Mozilla,” which should serve as immediate red flags. Despite these apparent errors, the campaign has successfully compromised at least one developer account, with one victim reporting they “fell for the phishing scam” before quickly realising the deception and deleting their extension. Mozilla’s security advisory emphasises a multi-layered approach to protection, urging developers to implement strict verification procedures when handling suspicious communications. The company recommends that developers avoid clicking embedded links in emails claiming to be from Mozilla and instead navigate directly to Mozilla.Org or Firefox.Com domains. Critical security protocols include validating that any links within emails point exclusively to verified Mozilla domains and ensuring that Mozilla credentials are only entered on official Mozilla.Org or Firefox.Com websites.