Firefox hit by Nobel Peace Prize malware

Mozilla has warned users about a “critical vulnerability” in its popular Firefox web browser that is being actively exploited by cybercriminals to distribute malware.

The security flaw, which was previously unknown, affects versions 3.5 and 3.6 of Firefox.

Norwegian security firm Norman ASA first reported yesterday that users were being infected by a Trojan it named Belmoo, which was distributed using the exploit from the official website of the Nobel Peace Prize.

The specific choice of the site for the Nobel Peace Prize, which was this year awarded to Chinese dissident and human rights activist Liu Xiaobo, has prompted speculation that supporters of the Chinese government may be behind the attack.

The malicious code being distributed from the site is now being blocked by Firefox’s built-in malware protection, but the company says the exploit code could still be live on other websites.

Mozilla reports that it is working on a fix for the problem that will be pushed live to users as soon as it has been tested.

In the meantime, insecurity expert Graham Cluley of Sophos has recommended that Firefox users turn off JavaScript and download the popular NoScript add-on, which lets them authorise individually which sites may run JavaScript, Java and Flash-based content.