Mozilla’s open source browser is the latest application targeted by malware purveyors. This time, hackers have stashed away a Trojan in a couple add-ons posted on addons.mozilla.org. eSecurity Planet has the goods on which add-ons users need to avoid and what people already affected can do to rid themselves of the malware.
As it’s grown in popularity, the open source Mozilla Firefox Web browser has fostered a broad ecosystem of add-ons that expand its functionality. As it turns out, though, that same ecosystem can also potentially expose users to risk.
Mozilla today disclosed that a pair of add-ons hosted on its addons.mozilla.org (AMO) site included Trojans. As a result, if a Windows user installed the add-ons, they would be infected by malware that could potentially steal their information.
The two infected add-ons are Version 4.0 of Sothink Web Video Downloader and all versions of Master Filer download manager.
“This vulnerability is known to affect Firefox on Windows only, if either Master Filer or Version 4.0 of Sothink Web Video Downloader are installed,” Mozilla wrote in a blog post confirming the security issue.
Mozilla recommends that potentially impacted Windows users—who may number in the thousands—run an antivirus program since simply uninstalling the affected add-ons does not remove the Trojans.
According to Mozilla, Master Filer has been downloaded 600 times while the Sothink Web Video Downloader has been downloaded 4,000 times. Mozilla removed Master Filer on Jan. 25, 2010 and Sothink Web Video Downloader on Feb. 2, 2010.