This document summarizes how malware can steal sensitive web information by exploiting Firefox vulnerabilities. It describes how a malicious Firefox extension could intercept HTTP requests, parse them to retrieve usernames, passwords, credit card numbers entered by the user on various websites. The malware would collect these secrets and send them to an external server via a Communicator Module. It then discusses techniques the malware could use to install itself on a victim's Firefox browser like exploiting other software vulnerabilities, bundling with popular extensions, or leveraging Firefox's extension upgrade process.