Firefox does not install any softwares in anyone's computer. Users have to authorize that first. When a user install a new software, these "malwares/spywares" and "toolbars" are usually sneaked into the software installation window as an "option". If users do not UNCLICK that option, or not paying any attention and just click INSTALL, these programs will be installed without the users' knowledge. The best examples are: Ask Toolbar, Google Toolbar and Norton.

thank you for your reply. This has happened twice as a result of clicking on a link that has taken me to a site. Both times a warning has come up saying that additional plugins are required to play the media on the page, but I have declined these. The option to install the plug in is still there when the malware kicks off. As soon as the page has loaded though, the zonealarm warning pops up and the malware exe is now running in the process list. It's the XP Antispyware 2011 (this is more info and how I successfully removed it: http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2011)

The only toolbars I have are the zend & the webdeveloper ones, both of which came from the add ons via firefox. I have also had them installed for quite a while (months) and updated as they require.

Something is allowing this to get through and its happening while I am surfing using firefox and these are the only two things I can be sure of. It has not happened while I am installing software as I have not done so in a while.

thank you for your help

Please visit the Plugins Check page and update where necessary.

Here's a security advisory whichs warn about outdated plugins: http://www.adobe.com/support/security/advisories/apsa11-02.html

Also, image searches can now lead you to malware sites. See Google images may lead to malicious sites

Do you have Adblock Plus installed? If so, subscribe to Malware Domains via this site: https://adblockplus.org/en/subscriptions The link is at the foot of the page. If you don't have Adblock Plus, you can get it from here: https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/

Hi

thank you for the pointer - I had quite a few plugins that are out of date, including java that had actually reached the end of it's product life! I ended up using this: http://secunia.com/vulnerability_scanning/personal/ and patched more out of date software.

I have Adblock plus, but not the malware subscription, well, I do now, so thank you for the pointer :)

I have no idea if this has solved it, but I really don't want to go and find the attack sites to find out ;) If it hasn't its not for the want of trying :)

Thank you for your help

You're welcome.

Keep an eye on this blog: http://krebsonsecurity.com/tag/denis-sinegubko/

There's a Russian developer who's creating an Add-on for Firefox which will flag malicious images, but it hasn't been released yet. Hopefully, we'll see it soon.