Mozilla had discovered that Master Filer, an experimental add-on offered through its AMO experimental add-on service, was infected by malware. After rescanning its other experimental add-ons with new tools, it determined that Sothink Video Downloader 4.0 also contained malicious code.
"Since that disclosure, we've worked with security experts and add-on developers to determine that the suspected Trojan in version 4.0 of Sothink Video Downloader was a false positive and the extension does not include malware," Mozilla said.
Mozilla also admitted that its original estimate of 6000 affected downloads was wrong. The company revised it to just over 1/10 of that number, and has reenabled the Sothink add-on, making it downloadable via the AMO service. "We apologize to our users and developers of Sothink for any inconvenience this has caused," it said in a sheepish post on the Mozilla Add-Ons blog.
"I don't think that Mozilla was wrong to withdrawal the add-on from availability while its status was under question, but I do think they should have double checked before publicly labeling it 'malware'," said Graham Cluley, senior technology consultant at antivirus company Sophos.
False positives are still a problem in the anti-malware world, but they rarely make their way into public malware disclosures by companies. However, commenters on the Mozilla blog point out that experimental add-ons are offered only to users with accounts specifically registered, enabling them to take advantage of the service.