Last week, Firefox users were warned by Mozilla of two add-ons that had been discovered to contain malware and removed from their add-on Web site. Mozilla backtracked on one of those add-ons last night, saying that the company had worked with McAfee and determined that the Sothink Web Video Downloader is malware-free.
The initial estimate of 6,000 affected downloads has also been revised downward, to 700 downloads. Mac and Linux Firefox users were not affected by the malware discovery.
Mozilla stated that during the re-testing process that cleared the Sothink add-on, the other add-on thought to be infected, Master Filer, was confirmed again as containing a Trojan. The Sothink add-on has been re-added to AMO as well as CNET Download.com.
In an interview via e-mail last week, Nick Nguyen, Mozilla's Add-ons Director, said that the incident that uncovered Master Filer began when an antivirus program from Eset threw up a warning for a user running it. "All add-ons uploaded to AMO are reviewed for malware with automated tools," he said. "ClamAV failed to detect the Trojan in Master Filer which caused us to re-evaluate our toolset. After upgrading our process, we rescanned the remaining 58,000 files on AMO and detected one additional instance of malware," which was the Sothink add-on.
Nguyen noted that both Master Filer and Sothink Web Video Downloader were add-ons labeled as "experimental," which means that users had to have an account at AMO to download them and that they could only be downloaded directly from the Mozilla site, but he also said last week that only one version, v4.0, of the Sothink downloader was found to be infected.
Security breaches in Firefox add-ons are rare, but they have occurred before. In 2008, there was a compromised file in the Vietnamese language pack for Firefox 2.
Mozilla did not immediately respond to a request for comment.