Mozilla spreads malware rather than security

Vietnamese users turning to Mozilla's Firefox to offer then security got a shock yesterday when the company revealed that the Vietnamese language pack for Firefox 2 was contaminated with malicious code and that this had been available for download for three months.

Because of a virus infection, the Vietnamese language pack for Firefox 2 was polluted with adware, Mozilla security chief Window Snyder said in a blog posting. "Everyone who downloaded the most recent Vietnamese language pack since February 18, 2008 got an infected copy," she wrote. "Mozilla does virus scans at upload time but the virus scanner did not catch this issue until several months after the upload."

Now, as someone who has started making the transition from Internet Explorer to Firefox, this is a worrying development. And to be honest, I'm not happy with Snyder's explanation as to what went wrong:

Snyder did not know exactly how the adware code was added, but she said that this kind of problem could affect any software provider -- open source or not. "In most software development environments the developers aren't kept in a dark cave," she said. "They browse the Web or take those laptops to a coffee shop "

"It's just a fact of life," she added.

Oh, fact of life, really ... somehow that doesn't make me feel any better about the situation. There's very little excuse for shipping malware to users nowadays.

I guess the flip-side is that there's no such thing as a trusted source.

Thoughts?