I love FireFox, but this could be a sign of bad things to come:

An identity-stealing keylogger that disguises itself as a Firefox extension and installs silently in the background was discovered Tuesday by security vendor McAfee.

According to the Santa Clara, Calif.-based company, the "FormSpy" Trojan horse monitors mouse movements and key presses to steal online banking or credit card usernames and passwords, other login information, and URLs typed into Firefox, the popular open-source browser. Another component of the Trojan sniffs out passwords from ICQ and FTP sessions, and IMAP and POP3 traffic, said McAfee. All collected information is sent to an IP address hard-coded into the Trojan.

The good news? The transmission medium is spam email and you have to open the attachment to install it.

Worried you might be infected? If you are using Firefox, simply open the Tools Menu, select Extensions and look for an extension called NumberedLinks. That is a legitimate extension, but the trojan simply masquerades as it. Expect it to be updated and masquerade as other extensions in the future.