I have been cautious of add-ons (extensions) since day one. Every time a friend calls with a "my internet is slow" issue I seem to end up patching their Windows host file and managing their Add-ons in Microsoft Internet Explorer. So when Firefox came out with extensions I was very cautious, and still am very cautious. I just hope they extend the scanning to their Themes [webmasterworld.com] as well.

IMO, anything at all that starts to get widespread exposure in publicity, distribution or usage will start to get targeted eventually. It was only a matter of time in coming.

The actual facts of THIS case seem to point to the fact that the software was accidentally included in some sort of bundle and then uploaded it to the Mozilla servers. It was not targeting Mozilla at all.

The most worrying part is that they just use signature based virus checking before hosting extensions. They need to improve their verification of code before hosting it (and therefore saying it is safe)

Malicious extensions are nothing new, I have seen them before 1.0. By default extensions will not install so this is not a drive-by attack.

EDIT: More information from Mozilla

The Vietnamese language pack for Firefox 2 contains inserted code to load remote content. This code is the result of a virus infection, but does not contain the virus itself.

[blog.mozilla.com...]

So the language pack only included symptoms of a trojan, not the actual trojan itself. No users were ever at risk and they would only have seen the ads that were inserted if they viewed the help files.

I always re-start Firefox in "Safe Mode" before doing anything that needs to be really secure like online banking. I don't want any extensions running then, since an extension could monitor my keystrokes and send login and password info to the bad guys.

Will safe mode do the trick? I never even though about the banking with Firefox.

Why restart Firefox in safe mode? Install Opera and do your online banking from there.

So the language pack only included symptoms of a trojan, not the actual trojan itself. No users were ever at risk and they would only have seen the ads that were inserted if they viewed the help files.

But, mozilla.org says:

The Vietnamese language pack for Firefox 2 contains inserted code to load remote content.

So, the addon is doing something other than its advertised function. This is independent of whether it is capable of spreading the infection.

Also, the remote content can always be replaced at will with different remote content that does more than display an ad. Drive by javascript for example.

The title is still totally misleading and inflammatory.

'FireFox Add-ons Infecting Users with Trojans'

It isn't infecting users with trojans, it gave them HTML pages which had some ad code added (the developer is the only person that was infected) and there is only a theoretical risk if you view the help pages of an infected download.

For the last 2 weeks, I also had a strange problem with firefox 2.0
When the connection is a little slow, after sometime, firefox tries to go to the an address with the domain name omitted. For example, in stead of accessing this page, firefox will go to [firefox_browser...]
No peculiar add-on installed, apart from some web development stuff like alexa, google page rank , or colorzilla

I always re-start Firefox in "Safe Mode" before doing anything that needs to be really secure like online banking. I don't want any extensions running then, since an extension could monitor my keystrokes and send login and password info to the bad guys.

What do you mean by "Safe Mode"?

Before you do your online banking, why not simply disable any suspect Add-ons in the "Tools" dropdown menu?

Is that what you call "Safe Mode"?

Hah! Since posting in this thread, I've discovered what "Safe Mode" is from neccessity.

I use FF 2.0.0.14 (latest on OSX Tiger 10.4) and use 4 Add-ons.

Not eperienced a grain of trouble for over a year.

But this week the SiteAdvisor (McAfee) extension 26.5 causes FF to freeze, totally unusable.

I had to force quit FF, and use Camino to troubleshoot.

It is definitely the Siteadvisor Add-on, and there's no chatter about the problem on the McAfee site or forums.

I even tried a fresh SA download, and the same bug occurs; Siteadvisor is broken on this platform, and rogering the latest Firefox version.

In addition; if you try the "Find Updates" in your Add-ons menu, they all work EXCEPT the Siteadvisor one which returns an error message.

Wake up McAfee!

And a heads-up to any fellow Mac FF users.

>>Disable Sitadvisor until McAfee fix the bug.<<