Skip to content
Webext to detect and stop phishing attacks that attempt to gather your SSO credentials
Branch: master
Clone or download
Latest commit 996c756 Sep 19, 2018
Type Name Latest commit message Commit time
Failed to load latest commit information.
Makefile initial import Sep 19, 2018

SSO No Phishing

Status: POC

How does it work?

This extension detects your logins to the genuine Mozilla IAM SSO and records a hash representation of your credentials (not the actual credentials). Every time you post data to a website, the extension verifies that it does not contain your Mozilla IAM SSO credentials. If it does and does not match the genuine Mozilla IAM SSO domains, it will warn you that this is probably a phishing attack before continuing (you can choose to ignore the warning at your own risk)


  • Browse to about:debugging
  • Enable add-on debugging if you want to
  • Click "Load temporary add-on" and select the manifest.json file
  • You can also remove or reload or debug the add-on from here.

See for a reference.

You can’t perform that action at this time.