Compromised file in Vietnamese Language Pack for Firefox 2

Window Snyder


The Vietnamese language pack for Firefox 2 contains inserted code to load remote content.  This code is the result of a virus infection, but does not contain the virus itself.  This usually results in the user seeing unwanted ads, but may be used for more malicious actions.

Everyone who downloaded the most recent Vietnamese language pack since February 18, 2008 got an infected copy.  While we cannot determine the exact number of compromised downloads, there have been 16,667 total downloads of the Vietnamese language pack since November 2007, so we anticipate the impact on users to be limited.

Mozilla runs virus scans at upload time, but the scanner did not catch this issue until several months after the upload. We are also adding after-the-fact scans of everything to address this sort of case in the future.

A new language pack will be available shortly.  Until then, Vietnamese language pack users should disable this package using the add-ons dialog on the Tools menu.

More information is available in Bugzilla: https://bugzilla.mozilla.org/show_bug.cgi?id=432406
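One form an after-the-fact check could take, as an added example that is not Mozilla's scanner or code from this post: open the language pack (an XPI is a ZIP archive), descend into nested JARs, and report markup tags that load content from a remote host. The file names, the URL and the rule that a language pack's markup should load only local resources are assumptions.

```python
import io
import re
import zipfile

# Assumption: a language pack's markup references only local resources
# (chrome://, relative paths), so any http(s) load is worth a human look.
MARKUP = (".html", ".htm", ".xhtml", ".xul")
REMOTE = re.compile(
    rb"<\s*(script|iframe|object|embed)\b[^>]*?\b(?:src|data)\s*=\s*"
    rb"[\"']?\s*((?:https?:)?//[^\"'\s>]+)", re.IGNORECASE)


def find_remote_loads(archive_bytes, prefix=""):
    """Return (path, tag, url) for each remote-loading tag, recursing into JARs."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for name in zf.namelist():
            data, low = zf.read(name), name.lower()
            if low.endswith(".jar"):  # chrome is usually packed in a nested JAR
                hits += find_remote_loads(data, prefix + name + "!/")
            elif low.endswith(MARKUP):
                for m in REMOTE.finditer(data):
                    hits.append((prefix + name, m.group(1).decode().lower(),
                                 m.group(2).decode("utf-8", "replace")))
    return hits


def build_sample_xpi(infected):
    """Constructed sample: file names, markup and URL are all made up."""
    page = b"<html><body><script src='chrome://browser/content/x.js'></script>"
    if infected:
        page += b"<SCRIPT src=http://ads.example.invalid/a.js></SCRIPT>"
    page += b"</body></html>"
    jar = io.BytesIO()
    with zipfile.ZipFile(jar, "w") as zf:
        zf.writestr("locale/vi/browser/help.html", page)
    xpi = io.BytesIO()
    with zipfile.ZipFile(xpi, "w") as zf:
        zf.writestr("install.rdf", "<RDF/>")
        zf.writestr("chrome/vi.jar", jar.getvalue())
    return xpi.getvalue()


if __name__ == "__main__":
    for infected in (False, True):
        print(infected, find_remote_loads(build_sample_xpi(infected)))
```

A content check like this complements signature-based scanning: it flags the inserted remote load itself, whether or not the scanner's signatures already know the virus that inserted it.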

5 responses

  1. Jack wrote on :

    Just curious. But shouldn’t Firefox scan extensions, language packs and themes for viruses when you download them (with the user’s antivirus)?

    The download manager does this for downloads. The add-on manager should do the same before you can install.

    By doing it that way the risk diminishes even further and you increase the defense vectors by utilizing a variety of different antivirus products.

    Maybe Firefox could even send a warning back to the location the add-on came from to inform that a user’s antivirus detected something suspicious.

  2. Da Scritch wrote on ::

    Dear Window

    Perhaps the best way to communicate on this issue is to have a Vietnamese translation of this communiqué?

  3. Navtej Kohli wrote on ::

    Thanks for informing. I was going to download this pack for my work purpose but I will wait now till a new language pack is released.

  4. pj wrote on :

    According to SANS Institute, Firefox was the number one application worldwide for 2008 in terms of vulnerabilities. A bit disconcerting, as I switched to it from IE for security reasons. (40 vulnerabilities)

  5. TzuVelli wrote on ::

    I think Firefox got a raw deal on this issue. Many people were saying that this was a full-blown virus infection when it was not. Good to see the issue has been clarified. I have really liked using Firefox and have enjoyed using a browser with an extensive development community. It would have been difficult to walk away from it.