Mozilla admits it was wrong about Firefox add-on

11 February 2010

The Mozilla Foundation, the open source group behind the popular Firefox web browser, has withdrawn a claim that a software developer had infected a Firefox add-on with a trojan.

This week's admission comes after an announcement last week that two add-ons for Firefox – Master Filer and Sothink Web Video Downloader – had been withdrawn after they were found to be infected by a trojan.

In a statement posted to its blog last night, Mozilla said: "We've worked with security experts and add-on developers to determine that the suspected trojan in Version 4.0 of Sothink Video Downloader was a false positive and the extension does not include malware."

The case has highlighted the fact that Firefox add-ons are largely developed by third parties rather than by Mozilla itself, Infosecurity notes.

Coupled with the fact that Firefox is an open source application, meaning that thousands of volunteers are working on improving the program code, this makes the task of verifying the code from a company perspective almost impossible.

According to CNet's IT reporter Seth Rosenblatt, meanwhile, earlier estimates of 6000 affected Windows downloads have been revised to 700 downloads.

And the good news is that Apple Mac and Linux Firefox users were not affected by the malware problem.

In his report on the matter, Rosenblatt quoted Nick Nguyen, Mozilla's add-ons director, who said that the incident that uncovered Master Filer started when a user running an antivirus program from Eset generated a warning.

"All add-ons uploaded... are reviewed for malware with automated tools", said Nguyen.

"ClamAV failed to detect the Trojan in Master Filer which caused us to re-evaluate our toolset. After upgrading our process, we rescanned the remaining 58 000 files on AMO and detected one additional instance of malware", he added.
