Mozilla Promises Better Virus Scanning After Virus Faux Pas

Martin Brinkmann
Feb 5, 2010
Updated • Jul 19, 2016
Firefox, Firefox add-ons

Mozilla runs antivirus and compatibility scans when add-ons are submitted to the official add-on repository by developers.

These add-ons are then offered as experimental add-ons until they pass a human review which adds them fully to the add-on directory.

It came to light today that two add-ons that have been offered on the add-on repository were malicious in nature. They would drop a trojan on systems running Microsoft Windows when installed in Firefox.

The two infected add-ons where found after Mozilla added a new antivirus scan engine to the site, and performed a scan of all available add-ons.

The infected add-ons are: Sothink Web Video Downloader 4.0 and Master Filer which both contained the trojan Win32.Bifrose.32.Bifrose.

Two experimental add-ons, Version 4.0 of Sothink Web Video Downloader and all versions of Master Filer were found to contain Trojan code aimed at Windows users. Version 4.0 of Sothink Web Video Downloader contained Win32.LdPinch.gen, and Master Filer contained Win32.Bifrose.32.Bifrose Trojan. Both add-ons have been disabled on AMO.

Firefox users who have downloaded and installed the add-ons should uninstall them immediately and perform a thorough scan for malicious software on their computer system. Most modern up to date antivirus software programs, such as Avast or AVG, can detect and remove the trojan from the computer system.

The add-ons were downloaded a total of 4600 times from the Mozilla website and an unknown amount of times from other websites that offered the add-ons.

Mozilla seems to have learned from the malware infection as they have increased the number of different malware scanning engines from one to three and it is very likely that more will be added in the future. The frequency of regular scans was also increased according to Techworld information.

Linux and Mac users are not affected by the trojan even if they have downloaded one or both of the malicious add-ons.

Tip: you can distinguish fully reviewed add-ons from preliminary reviewed ones in the following way: all preliminary reviewed add-ons display the sentence "This add-on has been preliminarily reviewed by Mozilla" underneath the download button.

preliminary reviewed addon

There is obviously no 100% guarantee that reviewed add-ons won't contain malicious code, but the chance of that happening seems slim considering that manual reviews are thorough and an addition to the automatic scans that sort out the majority of problematic add-ons right away.

Firefox users who want to be on the safe side should go through an extension's source code if it is not reviewed fully yet to make sure it is clean. This is not really practicable though considering that the majority of users won't be able to read code.

There is however no other option apart from avoiding to installing add-ons.

Mozilla Promises Better Virus Scanning After Virus Faux Pas
Article Name
Mozilla Promises Better Virus Scanning After Virus Faux Pas
Mozilla found two malicious add-ons on its Firefox add-on repository recently after adding a new antivirus engine to the automatic scan functionality.
Ghacks Technology News

Tutorials & Tips

Previous Post: «
Next Post: «


  1. cyb said on December 10, 2010 at 12:31 pm

    hemm can virus run under UML from firefox?

  2. David Macdonald said on February 6, 2010 at 5:29 am

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.