www.broadbandreports.com
  
Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsJobsNewsFAQsForumsToolsMapsAbout 
 
   AllHot TopicsCable SupportTelco SupportHardware etcSecurityClubsGallery»»






how-to block ads


 
Forums » Up and Running » Security » Security » Wow! Mozilla distributing infected code!
 
Search Topic:
  Social:
topic feed
 
Posting
toggle:
flat / full
normal / watch
Post a:
Post a:
Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal
Quickbook 2008 and XP SP3 »
« Do you disable 'System Restore' and then do a virus-scan?  
AuthorAll Replies

SUMware
Premium
join:2002-05-21

edit:
May 7th, @11:26PM
reply to Steve
Only Vietnamese language pack addon is affected

Here's the rest:

"Everyone who downloaded the most recent Vietnamese language pack since February 18, 2008 got an infected copy. While we cannot determine the exact number of compromised downloads, there have been 16,667 total downloads of the Vietnamese language pack since November 2007, so we anticipate the impact on users to be limited.

Mozilla does virus scans at upload time but the virus scanner did not catch this issue until several months after the upload. We are also adding after-the-fact scans of everything to address this sort of case in the future.

A new language pack will be available shortly. Until then, Vietnamese language pack users should disable this package using the add-ons dialog on the Tools menu.

More information is available in bugzilla: https://bugzilla.mozilla.org/show_bug.cgi?id=432406"

According to Bugzilla the affected file was removed from public staging prior to 2008-05-06 11:06:44 PDT.
to forum · permalink · · 2008-05-07 22:59:26 · Reply to this


Steve
SAS-70 is extortion
Consultant
join:2001-03-10
Tustin, CA
said by SUMware See Profile :

Only Vietnamese language pack addon is affected
The point is not to get everybody to check their installations - I didn't download this pack and don't know anybody who did. Most people weren't affected.

This reveals a shocking lack of quality control. We're lucky it was "only" a Vietnamese language pack.
--
Stephen J. Friedl | Unix Wizard | Microsoft Security MVP | Tustin, California USA | my web site
to forum · permalink · · 2008-05-08 00:17:17 · Reply to this


KrK
Heavy Artillery For The Little Guy
Premium
join:2000-01-17
Tulsa, OK		 Chances are they don't know Vietnamese, so they farmed out the translation to some third party who caused the problem.
to forum · permalink · · 2008-05-09 00:03:44 · Reply to this
Forums » Up and Running » Security » SecurityQuickbook 2008 and XP SP3 »
« Do you disable 'System Restore' and then do a virus-scan?  

Most commented news this week
· [122] AT&T WhistleBlower Was Never Invited To Testify
· [52] Comcast's Use Of Twitter Continues To Fascinate
· [50] Comcast Prepared To Spend Big On HD
· [46] Sprint WiMax: Less Than $50
· [38] So Far, 'Franchise Reform' Means Higher Prices
· [31] U-Verse Launches In Tulsa
· [31] Apple Irked With Rogers iPhone Pricing?
· [31] Google: Bell Canada Is Breaking The Law
· [29] NebuAD Tries To Defuse Public Relations Nightmare
· [28] Apple Vs. Rogers: The Fight That Isn't
Tuesday, 08-Jul
23:28:57 		Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
8th year online! © 1999-2008 dslreports.com.
page compression OFF