The question here is not whether it is a password sniffer or not, it is about how do I get rid of it once I installed since it is hidden from the FF Extension Manager? Chicken and egg problem.
Finally, I've no choice but to do it manually. Here's how I remove/disable it manually:
- Close your FF blowser and locate your FF user profile folder. Eg: %APPDATA%\Mozilla\Firefox\Mozilla\Profiles\[User Profile]\[random string].default\
- Go into subfolder "extensions\{66cdf40a-d0f2-46d0-abf4-eccba8205aef}\chrome". You should see a file called "ffsniff.jar"
- Find an unpacker (Eg. 7-zip) to unpack the "ffsniff.jar".
- Once unpack, go into "content\ffsniff\" folder and look for a file called "ffsniffOverlay.js".
- Edit the file with notepad. Goto the bottom (line 119), remark the line "hide_me();" with two slashes "//" (without the quote) in front.
- Save and close the file and put everything back to "ffsniff.jar".
- Start your FF broswer now and goto the Extension Manager, you should be able to see the extension called "FFsniFF 0.2".
- Now you can disable it.
- Disable FFsniFF Manually - J.Track
- http://jtrack.blogspot.com/2008/03/disable-ffsniff-manually.html
- FFsniFF Homepage
- http://azurit.gigahosting.cz/ffsniff/
- http://azurit.elbiahosting.sk/ffsniff/
- Vulnerability Summary CVE-2006-6585
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6585
- SecurityFocus
- http://www.securityfocus.com/archive/1/archive/1/454058/100/0/threaded