said by fatness :

Wired News article

quote:

---

Trojan Horse code seemingly accidentally embedded in a language pack available on its Add-ons site. The virus's signature was unknown at the time, and thus passed Mozilla's testing of add-ons.

---

quote:

---

Dave Miller (MoCo) 2008-05-06 01:47:24 PDT
clamscan says:
vietnamese_language_pack-2.0-fx-win.xpi: HTML.Xorer FOUND
The file is dated February 18, the virus signature is date April 14, so we
apparently had this in the wild for about 2 months before the scanners were
detecting it.

Axel Hecht [:Pike] 2008-05-06 01:50:23 PDT
FWIW, I think we're talking about
http://www.pandasecurity.com/homeusers/security-info/about-malware/encyclopedia/overview.
aspx?idvirus=189095&sitepanda=particulares,
right?

Dave Miller (MoCo) 2008-05-06 01:53:02 PDT
The signature I found that said April 14 on it was HTML.Xorer.A. The one you
just found is much more likely to be a match, and the window looks much smaller
there.

Hai-Nam Nguyen (jcisio) 2008-05-06 02:01:26 PDT
With info from Panda security, I think it just because the author's local
network was infected with the virus, so it modified html files. The main virus
is a Win32 program. The infected code just display annoying banner but it can't
propagate.
I think we might just remove the script and everything backs ok.

Justin Scott [:fligtar] 2008-05-06 10:20:09 PDT
Since we seem to have determined it wasn't malicious on the part of the author,
I've changed the add-on status to be in the sandbox and deleted both files.
Jasper, please upload a new version without the virus and let us know and we'll
check it out before pushing it public again.

Dan Guido 2008-05-07 21:07:14 PDT
Was the source of this malicious code found?

Jasper Thái 2008-05-08 05:04:42 PDT
Sorry for the inconvenient!
I've found that translated help files was modified by a virus, come from China.
I'm so busy these days, but I've cleaned up malicious code. The new fresh pack
coming soon.
Thanks!

---