
Security Issues With Two Experimental Add-Ons

Important Note: One of the malware results has been verified to be a false positive.  Further details are available here: http://blog.mozilla.org/addons/2010/02/09/update-on-the-amo-security-issue/

Original blog entry follows below.

Two add-ons in the experimental section of addons.mozilla.org were found to contain malware. These were not originally detected by the anti-malware scanning tools that we have been using. We have since increased the number of scanning tools, and will be taking additional steps to minimize the risk of further incidents. Full details of the issue and recommended mitigation steps are on the AMO blog:

http://blog.mozilla.org/addons/2010/02/04/please-read-security-issue-on-amo/

3 comments on “Security Issues With Two Experimental Add-Ons”

  1. Tony Mechelynck wrote:

    Yes, and IIUC the important points are the following:
    – Only Firefox is affected, and only on Windows;
    – If you have (at any point in the past) installed the infected add-ons, it isn’t enough to uninstall them; you must, in addition, scan your PC with an antivirus. (The AMO blog post contains a list of antivirus programs known to detect the malware in question.)

  2. Alan Baxter wrote:

    It looks like the current scans of the SoThink 4.0 addon may have been false positives. SoThink updated the addon to 4.2 because of false positive reports in May 2008. Did AMO verify that 4.0 actually contained a trojan?

    From http://74.125.47.132/search?q=cache:aou1K7snX3QJ:https://addons.mozilla.org/en-US/firefox/addons/versions/6541+site:addons.mozilla.org+sothink+%22version+history%22&cd=1&hl=en&ct=clnk&gl=us:
    Version 4.2 — May 16, 2008 — 685 KB
    Works with:
    * Firefox: 1.5 – 3.0b3
    Fixed Bug
    * Some of anti-virus softwares misreported that it contained virus.

  3. shmerl wrote:

    Does this page violate any licenses? http://newfirefoxonline.com/ It was reported as a malware site disguised to look like the official Firefox download page. There should be some sanctions against such activities.