- dotTech - http://dottech.org -

Mozilla confirms malware add-ons for Firefox slipped through the cracks and promises to improve screening process

Posted By Ashraf On February 6, 2010 @ 2:16 PM In Keeping Them Honest | 20 Comments

Although not the most popular browser out there, Firefox – by the Mozilla Foundation – is very popular for its combination of speed, customization (via add-ons), and a fair amount of security. That is not to say it is the most fast browser, has the best customization (which is does, though), and is the most secure, but that means Firefox blends the three aspects together better than most other browsers. So when news hits the streets that users may be getting infected because of Firefox… well, ya you get the point.

Recently Mozilla – on their AMO blog [1] – announced that two third party add-ons for Firefox were malware infected:

Two experimental add-ons, Version 4.0 of Sothink Web Video Downloader and all versions of Master Filer were found to contain Trojan code aimed at Windows users. Version 4.0 of Sothink Web Video Downloader contained Win32.LdPinch.gen, and Master Filer contained Win32.Bifrose.32.Bifrose Trojan. Both add-ons have been disabled on AMO.

For those users that were infected by these add-ons, Mozilla recommends the following:

If a user installs one of these infected add-ons, the trojan would be executed when Firefox starts and the host computer would be infected by the trojan. Uninstalling these add-ons does not remove the trojan from a user’s system. Users with either of these add-ons should uninstall them immediately. Since uninstalling these extensions does not remove the trojan from a user’s system, an antivirus program should be used to scan and remove any infections.

(If you don’t have an antivirus program, drop by my post on best free security software [2] and get yourself some protection.)

Noooooooooooooooooooo! Mozilla you have failed meeeeeeeeeeeeeeeeeeeeeeeeeeeeee…

In light of this development, Mozilla has promised to beef up the add-on screening process by adding “two additional malware detection tools” to the “validation chain”. Additionally, Mozilla rescanned all current add-ons and no other instances of malware – except the two mentioned above – were found.

The thing that surprised me the most about this development is that an add-on from Sothink – a software developer I found to be trust worthy – was one of the two add-ons that contained malware.

So, what do you think? Should Microsoft should send a fruit basket to Mozilla HQ? Feel free to express your thoughts below.

Thanks Wheezer [3]!


Article printed from dotTech: http://dottech.org

URL to article: http://dottech.org/14301/mozilla-confirms-malware-add-ons-for-firefox-slipped-through-the-cracks-and-promises-to-improve-screening-process/

URLs in this post:

[1] AMO blog: http://blog.mozilla.com/addons/2010/02/04/please-read-security-issue-on-amo/

[2] best free security software: http://dottech.org/featured/3174

[3] Wheezer: http://dottech.org/forums/talk-it-up/firefox-add-on-warning-on-cnet

© 2008-2012 dotTech.org | All content is the property of its rightful owner.