Mozilla Confirms Security Threat From Malicious Firefox Add-Ons
With potentially thousands of users hit by a Trojan posted on addons.mozilla.org, Mozilla is advising Windows users to run an antivirus scan.
As its grown in popularity, the open source Mozilla Firefox Web browser has fostered a broad ecosystem of add-ons that expand its functionality. As it turns out, though, that same ecosystem can also potentially expose users to risk.
Mozilla today disclosed that a pair of add-ons hosted on its addons.mozilla.org (AMO) site included Trojans. As a result, if a Windows user installed the add-ons, they would be infected by malware that could potentially steal their information.
The two infected add-ons are Version 4.0 of Sothink Web Video Downloader and all versions of Master Filer download manager.
Mozilla recommends that potentially impacted Windows users -- who may number in the thousands -- run an antivirus program since simply uninstalling the affected add-ons does not remove the Trojans.
According to Mozilla, Master Filer has been downloaded 600 times while the Sothink Web Video Downloader has been downloaded 4,000 times. Mozilla removed Master Filer on Jan. 25, 2010 and Sothink Web Video Downloader on Feb. 2, 2010.
A comment on the AMO site as early as Dec. 11, 2009 identified Master Filer has having a Trojan.
"Be careful, Kaspersky detect a component of this extension ("file.exe") as a Trojan horse.... maybe it's a false positive, maybe not," AMO user Xavius wrote. (A cached version of the Trojan warning is available here.)
As to how a pair of infected add-ons ended up on Mozilla's site, Mozilla faults its scanning tool.
"AMO performs a malware check on all add-ons uploaded to the site, and blocks add-ons that are detected as such," Mozilla wrote in its advisory. "This scanning tool failed to detect the Trojan in Master Filer. Two additional malware detection tools have been added to the validation chain and all add-ons were rescanned, which revealed the additional Trojan in Version 4.0 of Sothink Web Video Downloader. No other instances of malware have been discovered."