The language pack supposed to be installed in Firefox 2 by consumers who want to use the Mozilla browser in Vietnamese got compromised by a Trojan horse, Window Snyder, the Mozilla security chief warned yesterday. What's worse is that the plugin was posted straight on the Mozilla Add-on page from where users download and install themes and extensions for Firefox. Window Snyder explained that the Trojan horse was a result of a malicious code injection which could load remote content and drop the infections on the affected system.

"This code is the result of a virus infection, but does not contain the virus itself. This usually results in the user seeing unwanted ads, but may be used for more malicious actions," he wrote in the blog posting.

Users who have been downloading the Vietnamese language pack since February 18, 2008 could have had their computers infected, the Mozilla official explained. "While we cannot determine the exact number of compromised downloads, there have been 16,667 total downloads of the Vietnamese language pack since November 2007, so we anticipate the impact on users to be limited," he added.

How did the Trojan manage to bypass the Mozilla virus scan conducted when uploading a Firefox add-on? "The virus scanner did not catch this issue until several months after the upload," Window Snyder stated.

The Firefox plug-in has already been removed from the Mozilla Add-on page, but users who want to download the Vietnamese language pack have to wait a few days until a clean version of the file is re-published.

According to Panda Security, the Xorex.O Trojan horse which was detected in the Firefox plug-in only affects the Windows platforms, namely Windows 2003, XP, 2000, NT, ME, 98 and 95.

If you want to download the latest version of Mozilla Firefox, you can take both the stable and the newest beta releases straight from Softpedia.