I think it’s safe to say that a lot of Firefox users associate the browser with security. It may normally keep you out of harm’s way, but that’s not the case if you downloaded the Vietnamese language pack after February 18, 2008. It turns out that Mozilla released a copy of that particular language pack which was modified by a virus on their system. Since November 2007 there have been over 16,000 downloads of the add-on, but they aren’t sure how many of those downloads came after February 18th.

The actual language pack itself does not contain the virus, but it was modified by a virus to load remote content. They believe that it was mostly used for showing the user ads, but they don’t deny that it could be used for more malicious purposes.

The script that was injected into the language pack will be detected as HTML.Xorer by most antivirus applications. It was first recognized as a virus on April 14th, but it wasn’t found sooner by Mozilla because they only perform scans when the add-ons are uploaded. There are no subsequent scans, but they assure us that this will be changing in the future.

This makes me a little leery of installing any add-ons now. Just because it is coming from a trusted developer doesn’t mean that the extension hasn’t unintentionally been compromised. We just saw it happen right here, and it affects all operating systems since it is merely a script that has to run. I guess this is even more of a reason not to install an abundance of extensions.

The Vietnamese language pack has since been removed from the add-ons site.
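The incident above suggests a check that does not depend on antivirus signatures: assuming a language pack ships only local content, any tag in it that loads a script or frame from a remote host is worth flagging, and the package can be re-inspected at any time after upload. This is an added example, not Mozilla's scanner or code from the original post. The heuristic, the extension list, the function names and the sample package (built in memory, with made-up file names and a placeholder URL) are all assumptions.

```python
import io
import re
import zipfile

# File types inside an add-on package that can carry markup or script.
MARKUP_EXT = (".html", ".htm", ".xhtml", ".xul", ".js", ".dtd", ".xml")

# Assumed heuristic: a content-loading tag whose src/data points at a remote host.
REMOTE_LOAD = re.compile(
    rb"<\s*(script|iframe|frame|embed|object)\b[^>]*?\b(?:src|data)\s*=\s*"
    rb"[\"']?\s*((?:https?:)?//[^\s\"'>]+)",
    re.IGNORECASE,
)

def scan_archive(data, prefix=""):
    """Return (path, tag, url) for every remote-loading tag found in the package."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            body, path = zf.read(name), prefix + name
            if name.lower().endswith((".jar", ".xpi")):
                # Old-style add-ons often nest their chrome in a .jar (also a zip).
                if zipfile.is_zipfile(io.BytesIO(body)):
                    findings += scan_archive(body, path + "!/")
            elif name.lower().endswith(MARKUP_EXT):
                for m in REMOTE_LOAD.finditer(body):
                    tag, url = (g.decode("latin-1") for g in m.groups())
                    findings.append((path, tag.lower(), url))
    return findings

def build_sample_xpi(tampered):
    """Constructed sample: a small XPI with a nested chrome jar (names are made up)."""
    page = b"<html><body><p>Xin ch\xc3\xa0o</p>"
    if tampered:
        page += b'<script src="http://ads.example.invalid/x.js"></script>'
    page += b"</body></html>"
    jar, xpi = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(jar, "w") as zf:
        zf.writestr("locale/vi/help.html", page)
        zf.writestr("locale/vi/brand.dtd", b'<!ENTITY vendorURL "http://www.mozilla.org/">')
    with zipfile.ZipFile(xpi, "w") as zf:
        zf.writestr("install.rdf", b"<RDF/>")
        zf.writestr("chrome/vi.jar", jar.getvalue())
    return xpi.getvalue()

if __name__ == "__main__":
    for label, tampered in (("clean", False), ("tampered", True)):
        print(label, scan_archive(build_sample_xpi(tampered)))
```

The plain URL inside the DTD entity is not reported, because only tags that actually load content are matched. A hit still needs a human look, since some add-ons legitimately embed remote resources.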

Mozilla Security Blog [via Heise]