Mozilla has disabled and block a Firefox add-on recently which contained code that nabs login data sent to any website and reroutes it to a remote server.

The add-on, Mozilla Sniffer — was uploaded to the Firefox add-on site on June 6, and the malicious code was discovered on Monday, after which the add-on was blocked. Mozilla also says that anyone who has installed the add-on should change their web passwords as soon as possible.

“If a user installs this add-on and submits a login form with a password field, all form data will be submitted to a remote location,” Mozilla said, before adding that the remote server charged with collecting passwords appeared to be down.