Wednesday August 20, 2008 8:30 PM AEST

SC Magazine Australia/NZ > News > Vulnerabilities & Exploits > Web > Compromised file found in language pack for Firefox

Vulnerability Alerts

SANS

Microsoft

MS08-051 – Critical: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (949785) - Version:1.1
MS08-048 - Important: Security Update for Outlook Express and Windows Mail (951066) - Version:1.1

CERT/CC

Latest Comments

"I came across a new RHOIUM Card that safeguards payment information so that there is no private ..."

on eBay hacker posts fake credit card numbers to site's security forum

by James Buffet | Aug 19, 2008 1:18 PM

"I'd suggest that people just not go back to any website that puts advertising dollars ahead of ..."

on Malicious "ransomware" banner ads go undetected

by Ivan Voshe | Aug 19, 2008 12:13 PM

"spyware"

on Antispyware added to BitDefender Online scanner

by maryam | Aug 19, 2008 6:08 AM

"w"

on DigitalPersona Pro Workstation/Pro Server

by v | Aug 18, 2008 12:06 PM

"...and in the meantime we've got mobs such as AusCheck completely botching security, allowing ..."

on New breach laws invoke mixed reactions

by what the plebs dont know wont hurt them | Aug 18, 2008 11:05 AM

Web

Compromised file found in language pack for Firefox

The add-on was a Vietnamese language pack, and though it has been removed from the official Mozilla add-on website, it was undetected until this week.

Window Snyder, Mozilla's security chief, told SCMagazineUS.com Thursday that “about 1,200 people downloaded the pack every week since Feb. 18. Compared to 170 million users, that's a small number.”

The language pack was a single file that had a remnant of a script tag that could direct a user to a site that would play unsolicited ads.

“It was not an infection, per se, and the site it directed users to is down. The most likely scenario was that users would be seeing unwanted ads,” Snyder said.

How did it get into the pack? Said Snyder, “We did not do forensics on the developer's machine, but the most likely scenario was that the machine was infected and when the developer uploaded the pack to our add-on site, our antivirus software did not detect it.”

The virus signature was not identified until April.

A new language pack will be available shortly. Until then, Vietnamese language pack users should disable this package, she said.

Secure Computing Magazine

Ads by Google

Thoughts on this article? Add a comment below.

Be the first to comment on this article.

Name:

Email:

(will not be displayed)

Comment:

(HTML not permitted)

Validation

Enter the code you see below:

Most Read
Most Discussed
Latest News

Vulnerabilities & Exploits Whitepapers

Compromised file found in language pack for Firefox

Sponsored Links

SC MAGAZINE SITEMAP

CATEGORIES

News

Alerts

Products

Stats

Blogs

Photo Galleries

Whitepapers

Events

Jobs

Downloads

Vulnerabilities & Exploits

Breaches & Exposures

Messaging

Mobile

Access Control

Biometrics & Forensics

Legal

Risk Management

Job Centre

Patch Management