Is this Firefox extension compromised?

Discussion in 'all things UNIX' started by Ocky, Mar 5, 2011.

Thread Status:
Not open for further replies.
  1. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,713
    Location:
    George, S.Africa
    On my U. Maverick I sometimes run a scan with BitDefender and was surprised that something was found.

    Location :- /.mozilla/firefox/xvgghrw2.default/extensions/{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}/components

    File :- arUnMHTMhtmlProtocolHandler.js

    Description :- A Firefox add-on. https://addons.mozilla.org/en-US/firefox/addon/unmht/

    VirusTotal finds 3 instances :- F-Secure; GData; and of course BitDefender.

    Infection :- Generic.Exploit.CVE_20.0B7C2474

    I will delete the add-on even if it is a false positive as Opera does a better job natively.

    [Attachment: UnMHTM.jpg]
     
    Last edited: Mar 5, 2011
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,219
    I'd say it's a false positive.
    Open the file and check the code, btw.
    Mrk
     
  3. tlu

    tlu Guest

    Ocky, I also think that it's a false positive. Nevertheless, it might be a good idea to click "Report abuse" on the above website so that AMO has the chance to re-check that extension.
     
  4. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,713
    Location:
    George, S.Africa
    I emailed AMO - don't want to create yet another account. I am also pretty sure it's a FP. In the code there is some Chinese gobbledegook that of course is Greek to me, but it is not JS. :argh:
     
  5. Sadeghi85

    Sadeghi85 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    747
    That's just a comment (it's Japanese, btw).

    I uploaded the file to VT; BitDefender and the other 2 AVs don't detect it anymore (but now Ikarus does o_O).
     
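Mrkvonic's advice to open the file and check the code, and Sadeghi85's point that the non-ASCII text is only a comment, both come down to the same triage step: separate comments from executable code, then look at what the code actually does. Below is an added example of that step in Python. It is not the UnMHT add-on's code and not anything from AMO; the two JavaScript samples it scans are constructed here for illustration (one mimics a harmless protocol handler with Japanese comments, the other carries typical obfuscation markers). The indicator list and the "review"/"clean" verdict are this example's own heuristics, not an AV signature. The SHA-256 it prints is there so you can compare your installed copy against the XPI downloaded fresh from addons.mozilla.org, which is the definitive check.

```python
"""Triage the JavaScript inside a Firefox extension directory.

Added example: strips JS comments (so non-ASCII prose in comments is not
mistaken for code), counts common obfuscation indicators in what remains,
and hashes each file for comparison against a known-good copy from AMO.
"""
import hashlib
import re
from pathlib import Path

# Constructed sample inputs (not real add-on files). The first mimics a
# benign protocol handler whose only non-ASCII text is in comments; the
# second contains the kind of constructs a generic exploit signature and a
# human reviewer would both want to look at.
SAMPLE_FILES = {
    "benignProtocolHandler.js": r"""
// mhtml: プロトコルハンドラ (a Japanese comment, harmless)
/* 対応: mhtml:file:///path/to/page.mht!index.html */
const Cc = Components.classes;
const Ci = Components.interfaces;
function MhtmlProtocolHandler() {}
MhtmlProtocolHandler.prototype = {
  scheme: "mhtml",
  newURI: function (spec, charset, baseURI) { return null; }
};
""",
    "suspicious.js": r"""
var p = "\x65\x76\x61\x6c";
eval(unescape("%75%6E%65%73%63%61%70%65"));
document.write(String.fromCharCode(60, 105, 102, 114, 97, 109, 101, 62));
""",
}

# Heuristic indicators (this example's own list, not an AV signature).
INDICATORS = {
    "eval": re.compile(r"\beval\s*\("),
    "unescape": re.compile(r"\bunescape\s*\("),
    "fromCharCode": re.compile(r"String\.fromCharCode\s*\("),
    "document.write": re.compile(r"document\.write\s*\("),
    "hex_escape_run": re.compile(r"(?:\\x[0-9A-Fa-f]{2}){4,}"),
    "pct_escape_run": re.compile(r"(?:%[0-9A-Fa-f]{2}){4,}"),
}


def strip_js_comments(src: str) -> str:
    """Remove // and /* */ comments, copying string literals verbatim so a
    "//" inside a string is kept. Regex literals are not parsed, so a
    pattern such as /https?:\/\// could be truncated; acceptable for triage."""
    out, i, n = [], 0, len(src)
    while i < n:
        ch = src[i]
        if ch in ('"', "'"):
            quote, j = ch, i + 1
            while j < n and src[j] != quote:
                if src[j] == "\\":
                    j += 1          # skip the escaped character
                j += 1
            out.append(src[i:j + 1])
            i = j + 1
        elif src.startswith("//", i):
            j = src.find("\n", i)
            i = n if j == -1 else j  # keep the newline itself
        elif src.startswith("/*", i):
            j = src.find("*/", i + 2)
            i = n if j == -1 else j + 2
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def triage_source(src: str) -> dict:
    """Return hash, indicator counts, non-ASCII count in code, and a verdict."""
    code = strip_js_comments(src)
    counts = {name: len(rx.findall(code)) for name, rx in INDICATORS.items()}
    return {
        "sha256": hashlib.sha256(src.encode("utf-8")).hexdigest(),
        "indicators": counts,
        "non_ascii_in_code": sum(1 for c in code if ord(c) > 127),
        "verdict": "review" if any(counts.values()) else "clean",
    }


def triage_all(files: dict) -> dict:
    """Triage a mapping of filename -> source text."""
    return {name: triage_source(src) for name, src in files.items()}


def triage_directory(ext_dir: str) -> dict:
    """Walk an unpacked extension directory (e.g. .../extensions/{id}/) and
    triage every .js file under it."""
    base = Path(ext_dir)
    return {
        str(p.relative_to(base)): triage_source(p.read_text("utf-8", errors="replace"))
        for p in sorted(base.rglob("*.js"))
    }


if __name__ == "__main__":
    for name, result in triage_all(SAMPLE_FILES).items():
        flagged = {k: v for k, v in result["indicators"].items() if v}
        print(f"{name}: {result['verdict']} sha256={result['sha256'][:16]}... "
              f"non_ascii_in_code={result['non_ascii_in_code']} {flagged}")
```

Point it at the real directory with `triage_directory("~/.mozilla/firefox/<profile>/extensions/<id>/")` (path expanded first). A "clean" verdict only means none of these markers are present; the authoritative answer is whether the file hashes match the XPI served by AMO.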
  6. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,713
    Location:
    George, S.Africa
    It has been confirmed a false positive by AMO admins who ran the add-on through some malware checks.

    (The 'does look like a false positive' part is not really very definitive, is it?) :blink:
     
  7. vasa1

    vasa1 Registered Member

    Joined:
    May 1, 2010
    Posts:
    4,417
    Could it somehow have been (overzealously) triggered by this?
    http://www.pcworld.com/businesscenter/article/222014/attacks_use_ie_to_exploit_windows_mhtml_flaw.html

    Perhaps, the detection system didn't segregate Windows and *nix?
     
  8. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,713
    Location:
    George, S.Africa