Mozilla has stopped distributing a language pack for Firefox after discovering it had been infected by malicious code for over two months.
Although Mozilla's Vietnamese language pack for Firefox has been compromised by the malware, labelled HTML.Xorer, since February, the problem was only discovered earlier this week, according to Mozilla.
The malware left those downloading the language pack open to unwanted ads.
Mozilla does not know how many computers have been affected by the corrupted file, however, since November 2007 there have been 16,677 downloads of the language pack, according to Window Snyder a Mozilla security blogger .
Mozilla usually completes a virus scan of software it makes publicly available, however its scanners failed to detect the virus, according to Snyder.
"We are also adding after-the-fact scans of everything to address this sort of case in the future," said Snyder.
Veteran Microsoft "Most Valuable Professional" Sandi Hardmeier, who specialises in Internet Explorer and Outlook Express, is "staggered" that the infected file has been distributing for over two months.
"It is also staggering that Mozilla seemingly did (does?) not complete regular scanning of their files to check for previously undetected malware — didn't they realise that there is always a period of time between malware being released to the wild, and security products updating their products to add detection of new malware??"
Mozilla recommends disabling the Vietnamese language pack using the add-ons dialog on the Tools menu.