Note that this isn't a Firefox vulnerability.

The trojan is opened as a Windows executable from email attachments, and writes itself into the Firefox profile's configuration directory.

This MozillaZine article [mozillazine.org] has lots more on the trogan horse, including instructions for spotting if you have it.

Personally I only download FF extensions from the official site.
https://addons.mozilla.org/extensions.php?app=fire fox [mozilla.org]

This is an Outlook/IE "virus" who's payload is a keylogger and crap that hooks into Firefox.

This does not exploit any vulnerability in Firefox.

If your OS is not secure, no app running on it can be secured.

Thats not whats going on. This trojan isn't installed as an extension, it comes as a regular old .exe in an email, which when you run it, then edits the firefox configuration files to add itself into the extension list without going through the normal extension process.

The article is not clear. If not, get it off the Moz site. If so, sux to be them.

It is: "presenting itself as a legitimate existing extension called numberedlinks".

The McAfee characteristics page [nai.com] (2nd tab - stupid that that isn't directly linkable) also says:

The original component installs the following files:
* %MozillaUserProfile%\(ARBITRARY_CLASS_ID)\chrome\n umberedlinks.jar

FormSpy installs these additional files:
* %MozillaUserProfile%\(ARBITRARY_CLASS_ID)\chrome\n umberedlinks.jar (modified - FormSpy)

McAfee do not describe it as a Firefox exploit. They describe it as a VBS exploit originally written to target IE, i.e., a Windows exploit.

KFG

I think you misunderstand. There is a legitimate extension called numberedlinks that you can install from mozdev and is not evil. This trojan extension masquerades as numberedlinks but only gets installed if you open the evil email attachment.

If you had read this article [mozillazine.org], you'd see that in clear text is states:
Within Firefox, the trojan pretends to be the legitimate numberedlinks extension.

The extension itself is not the problem. The trojan creator just decided to have his extension pose as another in an attempt to be "inconspicous".

Again with people jumping to conclusions. The trojan is loaded when you open an .exe attached to an e-mail from "Wal-mart". Lesson to be learned: never open random .exe attachments. Ever. Problem solved.

For those of you screaming that "numberedlinks" should be removed from the mozilla site, that wouldn't fix the problem. The original extension is perfectly safe and NOT a trojan. This one is just spoofing it by installing itself with the same name.

A little more careful reading and some common sense go a long way

That's the legitimate extension. This trojan is not it.

Actually, if you read the article more closely (and similar articles that have appeared in no shortage of other places), the malware pretends to be the numberdlinks extension. Your post implies that the actual extension is malware, and this is untrue.

Additionally, if you read the Slashdot blurb, it's explained pretty clearly there.

Basically, if you click on e-mail attachments without knowing what they are, it's your own fault if your computer becomes infested with viruses and spyware.

Well the should. In fact, I read just the other day that Debian will be signing packages at long last. It's not brain surgery to do either - Red Hat has been doing it for a very long time.

Extensions can be happily installed inside a user's profile directory. It doesn't require write permissions to the Firefox application's directory to install an extension.

There is nothing about "vulnerability" that would stop the same thing happening on a Linux box. The only saving grace for Linux at this point in time is that your average Linux user is smart enough to not execute random executable files they receive from people they don't know in an email message.