February 6th, 2010, 16:24 PM
Mozilla confirms infected Firefox add-ons slipped through security
Mozilla confirmed late Thursday that it failed to detect malware in a pair of Firefox add-ons, which may have infected up to 4,600 users.
The add-ons have been removed from Firefox's official add-on download site.
According to an entry on the Mozilla Add-ons blog, Sothink Web Video Downloader 4.0 and all versions of Master Filer were infected with Trojan horses designed to hijack Windows PCs. Both add-ons were in the "experimental" area of Firefox's add-on download site, where newer extensions remain until they undergo a public review process. To install experimental add-ons, Firefox users must view and accept an additional warning.
Master Filer was downloaded about 600 times in the five months ending Jan. 25, when it was pulled from the site. Sothink Web Video Downloader 4.0 was downloaded approximately 4,000 times between February and May 2008. The most up-to-date version of the latter, which captures streaming videos in a variety of formats, is 5.7.
Any Windows users who installed one of the two add-ons would have also silently executed the Trojan, which would then infect the PC. Mac and Linux users who installed the add-ons were not affected.
Full story: Computerworld