Mozilla: Firefox Plugin Shipped With Malicious Code

Source: Yahoo News

>>>" Mozilla warned Wednesday that a malicious program inserted adware code into a Firefox plugin that has been downloaded thousands of times over the past three months.

Because of a virus infection, the Vietnamese language pack for Firefox 2 was polluted with adware, Mozilla security chief Window Snyder said in a blog posting. "Everyone who downloaded the most recent Vietnamese language pack since February 18, 2008 got an infected copy," she wrote. "Mozilla does virus scans at upload time but the virus scanner did not catch this issue until several months after the upload."

Mozilla is now going to add additional scans of its software to prevent this kind of thing from happening in the future, she said.

The Xorer Trojan

The malware in the language pack is from the Xorer Trojan, according to discussion on Mozilla's Bugzilla developer Web site, which indicates that Mozilla developers first discovered the issue on Tuesday."<<<

Read more: http://news.yahoo.com/s/pcworld/145617

---

Shit! :argh:

It never ends..........

although my computer has been acting exceptionally weird lately.:shrug:

... it's a download so no idea where you got the 'shipped' idea from. Essentially it's a plug-in (.jar file) that programmers make for the Firefox browser to add additional functionality to the aforementioned browser (tab management, right-click functions, etc...)

Apparently, someone decided to code in a trojan/RAT(Random Access Trojan) into the Vietnamese Language pack for whatever asinine reason (not sure if they outsourced the task of coding language packs to a company or individual) but if they don't outsource, then someone on the Mozilla team is trying to sabotage the Firefox browser for some unknown reason...

That is why you DOWNLOAD the plug-in to your HD (instead of allowing the .jar to install right away), associate .jar files to either 7-zip or WinRAR and scan the actual file yourself to make sure you don't compromise your computer

was being facetious ;-P

... there's that 'shipped' word LOL

Odd that the 'shipped' word was used since you don't 'ship' plug-ins anywhere. Upload - Download - Code - Debug are a few words you can use but Shipped is definitely way off base.

Thanx for pointing my eyes in the right direction haha

the Manchurian candidacy has begun.

:spray:

But perhaps they'll get on it soon.

... do you have installed on your browser?? There are so bad combinations of plug-ins that tend to muck up the browser if you have them installed concurrently.

Ever since the latest update

1-click weather
active stop button
adblock plus
advandced dork
dom inspector
farkit
farky
greasemonkey
ie tab
lola
piclens
tab mix plus
videodownloader
web developer

I did look at my Firefox Contents folder and the "Get Info/Languages" thing.
I had apparently unchecked all languages save English.

My computer has been really dodgy lately - lots of freeze ups, intertubenets are snail-city-Arizona.

I have a Mac PoweBook G4.

Y'think I need to do anything else?


Thank you for the information!


ps: the McCain wizecrax =:toast:

;)

been 8 years now and I haven't been unhappy yet

Otherwise, there's nothing to see here.