Published in News
Mozilla backs down on add-on security claim
by Nick Farrell on11 February 2010
Web Video downloader is malware free
Red-faced execs from the Mozilla Foundation had to back down on claims that two add-ons contained malware and had been removed from their add-on Web site.
One of them at least is proving to be totally free of any malware. Mozilla said that the company had worked with McAfee and determined that the Sothink Web Video Downloader is malware-free. To make matters worse Mozilla had predicted that 6,000 people had been affected by the malware downloads. It turns out that there were only 700.
Mozilla stated that during the re-testing process that cleared the Sothink add-on, the other add-on thought to be infected, Master Filer, was confirmed again as containing a Trojan. The Sothink add-on has been re-added to AMO as well as CNET Download.com. Nick Nguyen, Mozilla's Add-ons Director, said that the incident that uncovered Master Filer began when a user running an antivirus program from Eset threw up a warning.
"All add-ons uploaded to AMO are reviewed for malware with automated tools," he said. "ClamAV failed to detect the Trojan in Master Filer which caused us to re-evaluate our toolset. After upgrading our process, we rescanned the remaining 58,000 files on AMO and detected one additional instance of malware," which was the Sothink add-on.
Master Filer and Sothink Web Video Downloader were add-ons labelled as "experimental," which means that users had to have an account at AMO to download them and that they could only be downloaded directly from the Mozilla site, but he also said last week that only one version, v4.0, of the Sothink downloader was found to be infected.