Compromised file found in language pack for Firefox

By
Follow google news

An add-on for the popular Firefox browser hid potentially malicious code, possibly contaminating the machines of anyone who downloaded it.


The add-on was a Vietnamese language pack, and though it has been removed from the official Mozilla add-on website, it was undetected until this week.

Window Snyder, Mozilla's security chief, told SCMagazineUS.com Thursday that “about 1,200 people downloaded the pack every week since Feb. 18. Compared to 170 million users, that's a small number.”

The language pack was a single file that had a remnant of a script tag that could direct a user to a site that would play unsolicited ads.

“It was not an infection, per se, and the site it directed users to is down. The most likely scenario was that users would be seeing unwanted ads,” Snyder said.

How did it get into the pack? Said Snyder, “We did not do forensics on the developer's machine, but the most likely scenario was that the machine was infected and when the developer uploaded the pack to our add-on site, our antivirus software did not detect it.”

The virus signature was not identified until April.

A new language pack will be available shortly. Until then, Vietnamese language pack users should disable this package, she said.

Add iTnews as your trusted source

Add iTnews As Your Trusted Source Add iTnews As Your Trusted Source
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
compromisedfilefirefoxforfoundinlanguagepacksecurity

Sponsored Whitepapers

Cloud Covered Report: New Zealand
Cloud Covered Report: New Zealand
How healthcare organisations can get more value from cloud
How healthcare organisations can get more value from cloud
2026 Identity Security Landscape
2026 Identity Security Landscape
Are Australian organisations as cyber-ready as they think?
Are Australian organisations as cyber-ready as they think?
Are New Zealand organisations as cyber-ready as they think?
Are New Zealand organisations as cyber-ready as they think?

Events

Most Read Articles

ASD draws a hard line on developers lacking security skills

ASD draws a hard line on developers lacking security skills
Services Australia describes fraud, debt-related machine learning use cases

Services Australia describes fraud, debt-related machine learning use cases
Anthropic pulls Mythos-class models globally

Anthropic pulls Mythos-class models globally
Access control flaw left FIFA World Cup match streams wide-open

Access control flaw left FIFA World Cup match streams wide-open
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio

Log In

  |  Forgot your password?