Malware shipped with Firefox 2 language pack

Mozilla is warning that a Vietnamese language pack for Firefox 2 is carrying malware.

In her blog, Mozilla security chief Window Snyder writes:

The Vietnamese language pack for Firefox 2 contains inserted code to load remote content.  This code is the result of a virus infection, but does not contain the virus itself.  This usually results in the user seeing unwanted ads, but may be used for more malicious actions.

Everyone who downloaded the most recent Vietnamese language pack since February 18, 2008 got an infected copy.  While we cannot determine the exact number of compromised downloads, there have been 16,667 total downloads of the Vietnamese language pack since November 2007, so we anticipate the impact on users to be limited.

Also follow the bug for the issue.

Snyder also noted that Mozilla scans for viruses at upload time, but the scanner didn't catch this problem "until several months after the upload." Mozilla is adding additional virus scans to catch these issues in the future.