Firefox add-on infected with Trojan remnant

A Vietnamese language pack for the open-source Web browser was tainted with part of the infectious Xorer Trojan since February. A new version is now being checked.

Stephen Shankland Former Principal Writer
Stephen Shankland worked at CNET from 1998 to 2024 and wrote about processors, digital photography, AI, quantum computing, computer science, materials science, supercomputers, drones, browsers, 3D printing, USB, and new computing technology in general. He has a soft spot in his heart for standards groups and I/O interfaces. His first big scoop was about radioactive cat poop.
Expertise Processors | Semiconductors | Web browsers | Quantum computing | Supercomputers | AI | 3D printing | Drones | Computer science | Physics | Programming | Materials science | USB | UWB | Android | Digital photography | Science Credentials
  • Shankland covered the tech industry for more than 25 years and was a science writer for five years before that. He has deep expertise in microprocessors, digital photography, computer hardware and software, internet standards, web technology, and more.
Stephen Shankland
2 min read

Update 4:15 p.m. May 12: The file was actually infected with a remnant part of code from the Xorer Trojan, not with the full Trojan itself, according to a follow-up Mozilla blog post. The remnant "does not infect the user's machine with the virus (and) is a remnant from a virus that most likely infected the language pack developer's machine," Mozilla said. "To minimize the potential of something similar happening in the future, Mozilla is now scanning all add-ons whenever the signatures for the antivirus software are updated."

A Vietnamese language pack infected with parts of a Trojan for the Firefox Web browser was available for download from the open-source Web browser's official add-on site for months.

Mozilla, which oversees the project, announced the problem on its security blog on Wednesday, saying people should disable the add-on pack for now.

"Everyone who downloaded the most recent Vietnamese language pack since February 18, 2008, got an infected copy," Mozilla said. "While we cannot determine the exact number of compromised downloads, there have been 16,667 total downloads of the Vietnamese language pack since November 2007, so we anticipate the impact on users to be limited."

The author of the add-on pack, who acknowledged on Thursday that his machine had been infected, isn't suspected of any intentional harm, according to the discussion of the problem. The author offered a cleaned-up version Thursday that so far appears OK.

Mozilla scans its files for viruses, Trojans, and other problems. But the file had been uploaded nearly two months before the antivirus software could detect the Trojan in question, called Xorer.

(Via SecurityFocus.)