631545 - Firefox seems to catch malware from own add-on site

Status: RESOLVED INVALID

(Firefox :: General, defect)

Description

[Norbert Grün]

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13

mozilla foundation

Malware in Plugins

Dear Madam or Sir!

Recently my Firefox Portable caught up Malware.

I noticed it when I plugged the USB disk back into my offline machine despite the precautions of powering up the Kiosk Mode machine in the NetCafé afresh and hooking up the USB disk afterwards. Usually then that machine is clean, a common defence in the NetCafé.

My offline machine lacks the online update capabilities of the malware scanner and I noticed it switching off the malware scanner and vital maintenance builtin functions of my XPSP3.

Earlier I had omitted the power cycling in the NetCafé, but managed to weed the USB disk at my friend and setting the machine up from scratch.

I now have been at the NetCafé a second time after catching the new Malware.

Visible effects were: Trying a connect to an Austrian site with a SLD resembling an anagram of «newbie» which drove the NetCafé machine into massive swapping, but complained about a missing JAR archive. The other result was redirecting «mail.google.com» to a fake copy with the URL closely resembling that domain, but with a lengthy URL. This failed badly, so the intended password grabbing didn't work.

I immediately killed Firefox Portable and its directory, repowered and got the newest version via MSIE 8 which was unhampered by anything from Firefox.

Installing and getting the Video Download Helper plugin, which is the main reason to run Firefox Portable in order to rescue potentially short-lived YouTube videos shot off by over-eager do-gooders far from kid porn or Nazi propaganda or any real copyright infringement, everything went well. Problems popped up after installing twin Vista themes, one with an unwanted plugin which got immediately deinstalled, the most suspect one being the MacOS X Theme.

Heise boasts running 40 malware scanners over their download portfolio.

It seems wise to do so as well.

Your site is usually regarded as trusted, there is no design break when going to individual downloads, so nobody is scared by that three second nag box, thanks to Steve Jobs and Bill Gates, almost nobody knows his OS' processes by first name, nor does he understand the code, eben if he hath the full source.

Spicing Firefox' plugins with malware will massively reduce trust into Firefox and drive users back to MSIE, perhaps Opera can get some of the fugitives, Linux/BSD may offer browsers via KDE, GNOME etc., WebKit being now a popular core.

Apropos nag box: This will convince only U.S. lawyers, period.

Kind regards

Norbert Grün (gnor.gpl@googlemail.com)


Reproducible: Always




This one (3.6.13) seems to be clean again.

2011/02/02 version crashed immediately when submitting id and password to mail.google.com, Talkback failed.

This one is downloaded from chip.de

Comment 1

[Jo Hermans]

I fail to see why addons.mozilla.org should be the location where you picked up the malware. You could have easily picked it up from another application or websites (or the pc in the Netcafe, or the pc in the office). Or are you trying to claim it's in the Video Download Helper add-on, or you have other add-ons or plugins ?

Note : as far as I know, there are indeed virus and malware scanners in use at addons.mozilla.org.

Comment 2

[Tim (fmdeveloper)]

Reporter -> Are you still experiencing this issue?

Comment 3

[Tim (fmdeveloper)]

Closing bug as Invalid - if you are still experiencing this issue or have more information to provide feel free to post back here and we can re-open the bug. You can also get assistance by visiting the Firefox help site -> http://support.mozilla.com/en-US/kb/Ask+a+question