Mozilla Confirms Infected Firefox Extensions Slipped Past Security

Justin Kerr

Experimenting with new extensions is part of what makes Firefox great, but if you downloaded either the "Sothink Web Video Downloader" or "Master Filer", you probably snagged a nasty Trojan for your troubles. According to an entry on the Mozilla Blog, both of these extensions contain code that exploits vulnerabilities in all versions of Windows, and they were downloaded close to 5,000 times before being spotted.

The extensions in question were contained in the "experimental" area of the official Firefox add-on site, and while it might seem like little consolation for anyone who got infected, users grabbing extensions from this section are warned before download that this could happen. Mozilla employs a special add-on scanner which supposedly checks all new entries for malicious code, but they were forced to acknowledge that the security process failed. "[Add-ons] performs a malware check on all add-ons uploaded to the site, and blocks add-ons that are detected as such," said yesterday's blog posting. "This scanning tool failed to detect the Trojan."

Mac and Linux users who downloaded these add-ons are unaffected, but anyone who used the extensions in Windows is being warned by Mozilla to delete all traces of the infected file and run a virus scan. Mozilla is promising to boost the number of times it scans files for malware in the future, and will also step up how often it scans its entire catalog of add-ons.

Does this hurt your trust in Firefox extensions? Or was this bound to happen eventually?
