Mozilla warns thousands have downloaded poisoned Firefox plugin


Advertising code inserted by the malicious Xorer worm has been discovered in a plugin for the Firefox web browser that has been downloaded thousands of times in the last three months.

Mozilla’s chief of security, Window Snyder, has confirmed in a post on her blog that HTML files in Firefox’s Vietnamese language pack were carrying a script (detected by Sophos as Mal/Badsrc-A) designed to display irritating advertising messages as users browsed the web. The affected files had been available for download since February 18, 2008. The script is not believed to have been planted deliberately, and is most likely the result of a developer’s computer being infected by the Xorer worm. Sophos first added protection against the earliest variant of Xorer in January 2008.

As we note in the latest Sophos Security Threat Report, hackers are attacking the web at a faster rate than ever before, and are aggressively looking for webpages to infect.  Indeed, Sophos discovers one new infected webpage every five seconds.


As more and more software ships with HTML files, it is important that developers take proper care to ensure that their HTML code has not been compromised by malware. There is a risk that software engineers working on a project also use their development computer to surf the net, and so become a vector by which malicious code can enter the final shipping product.
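One way to act on this advice, as an added example that is not from the original article or from Mozilla: a pre-release check that walks a package's HTML files and reports tags loading active content from hosts outside an allowlist. The allowlist, the watched tags and the sample markup are constructed assumptions; the article does not describe what the injected script looked like.

```python
from html.parser import HTMLParser
from pathlib import Path
from urllib.parse import urlparse

# Assumption: hosts this project legitimately references from shipped HTML.
ALLOWED_HOSTS = {"example.org"}
# Tag -> attribute that can load active content from another origin.
WATCHED = {"script": "src", "iframe": "src", "frame": "src",
           "embed": "src", "object": "data"}
NETWORK_SCHEMES = {"", "http", "https", "ftp"}  # "" covers //host/path

# Constructed sample: line 3 carries a reference that was not in source control.
SAMPLE = """<html><body>
<script src="chrome://global/content/a.js"></script>
<iframe src="//ads.invalid/banner" width="0" height="0"></iframe>
<script src="https://example.org/ok.js"></script>
</body></html>"""


class RemoteRefFinder(HTMLParser):
    """Collects (line, tag, url) for watched tags pointing at unlisted hosts."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = WATCHED.get(tag)
        if attr is None:
            return
        url = (dict(attrs).get(attr) or "").strip()
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        if parsed.scheme in NETWORK_SCHEMES and host and host not in ALLOWED_HOSTS:
            self.findings.append((self.getpos()[0], tag, url))


def scan_html(text):
    """Return the findings for one HTML document given as a string."""
    finder = RemoteRefFinder()
    finder.feed(text)
    finder.close()
    return finder.findings


def scan_tree(root):
    """Map each HTML file under root to its findings; empty dict means clean."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in {".html", ".htm", ".xhtml"}:
            hits = scan_html(path.read_text(encoding="utf-8", errors="replace"))
            if hits:
                report[str(path)] = hits
    return report
```

Run as a release gate, a non-empty result from `scan_tree` on the unpacked package should fail the build until each reference is explained or removed.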

The good news in this case is that the only affected files appear to be related to the Vietnamese language pack.  Of course, that’s not good news if you’re a Vietnamese user of Firefox, but imagine how much bigger the problem would be if it had been the English language version of Firefox that had been poisoned.

Mozilla says a new Vietnamese language pack will be available shortly.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
