If you installed the Firefox, LibreWolf, or Zen web browsers from the Arch User Repository (AUR) in the last few days, delete them immediately and install fresh copies.
A
security warning from the Arch Linux maintainers highlights compromised packages of three of the leading Firefox-based browsers in the AUR. The distro hasn't been breached. Unfortunately, the attack is a consequence of how Arch's repositories are structured and maintained.
The warning concerns three browsers from the greater Mozilla family: Firefox itself; a fork called
LibreWolf, which removes some Mozilla telemetry and otherwise tightens up Firefox's security and privacy a bit more; and the fancy tiling
Zen browser, which
we looked at last year.
All three had compromised packages contributed to the
AUR on July 16. The compromised packages were called librewolf-fix-bin, firefox-patch-bin, and zen-browser-patched-bin, and the modified versions reportedly contained a Remote Access Trojan (RAT). Less than two days later, the affected packages were identified and removed. If you installed them, then remove them immediately and then reboot. The official advice is to "take the necessary measures in order to ensure they were not compromised" – which is absolutely correct as far as it goes. The problem is, of course, that you need to have considerable Linux expertise to check for extra unknown processes running on your machine, or for extra traffic going through your firewall.
