Compromised file found in language pack for Firefox

Share this article:
An add-on for the popular Firefox browser hid potentially malicious code, possibly contaminating the machines of anyone who downloaded it. The add-on was a Vietnamese language pack, and though it has been removed from the official Mozilla add-on website, it was undetected until this week.

Window Snyder, Mozilla's security chief, told SCMagazineUS.com Thursday that “about 1,200 people downloaded the pack every week since Feb. 18. Compared to 170 million users, that's a small number.”

The language pack was a single file that had a remnant of a script tag that could direct a user to a site that would play unsolicited ads.

“It was not an infection, per se, and the site it directed users to is down. The most likely scenario was that users would be seeing unwanted ads,” Snyder said.

How did it get into the pack? Said Snyder, “We did not do forensics on the developer's machine, but the most likely scenario was that the machine was infected and when the developer uploaded the pack to our add-on site, our antivirus software did not detect it.”

The virus signature was not identified until April.

A new language pack will be available shortly. Until then, Vietnamese language pack users should disable this package, she said.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Information sharing requires breaking down barriers, White House cyber guru says

Information sharing requires breaking down barriers, White House ...

The White House has advanced an agenda to promote and facilitate information sharing on security threats and vulnerabilities.

Worm variant of Android ransomware, Koler, spreads via SMS

Worm variant of Android ransomware, Koler, spreads via ...

Upon infection, the Koler variant will send an SMS message to all contacts in the device's address book.

Patch for Windows flaw can be bypassed, prompts temporary fix from Microsoft

Patch for Windows flaw can be bypassed, prompts ...

The Windows zero-day received a patch last week, but the fix can still be bypassed by crafty attackers.