clipped from: blog.wired.com   
Mozilla, the maker of the open source Firefox browser, is redoubling its efforts to check user-created add-ons for viruses and Trojans after it discovered that a language pack on its official add-on page had been infected for months with rogue code.

The virus's signature was unknown at the time, so the infected add-on passed Mozilla's testing of add-ons.

In response to the later discovery of the latent Trojan code by anti-virus software, Mozilla pulled the language pack and announced it would begin scanning all add-ons whenever its virus signatures are updated, not just when add-ons are originally posted, according to an entry on the Mozilla security blog.

The add-on's author is not suspected of intentionally booby-trapping the file; instead, his own system had been infected. That Trojan inserted a script that displays banner ads into any HTML file on his system, which included the help files for the language pack.

Anti-virus programs detected the Xorer Trojan inside the add-on.