If you downloaded the installer from www.mozilla.org, than it is the official installer. It was likely a false positive. I'd suggest reporting to cylance that there is a false positive, and then updating your definitions

AntonyMagnus said

I recently downloaded Firefox Stub Installer and checked it through Anti Virus multiscanner and it reports the following: Anity AVL Trojan/Win32.SGeneric Cylance reports the file UNSAFE for use. File looks ok and is digitally signed also.

You did this scan on Virustotal.com ?

Cylance has been doing a false positive with Firefox versions (both stub and setup for Windows) for perhaps over a year now and I have seen Anity do false positives on virustoal also. I remember seeing comments that Cylance in this case it's detection used on site is different from the application.

Also even though the stub installer concept (for Windows) on www.mozilla.org has existed since Firefox 18.0, it still occasionally gets false positives with some antivirus clients (after a recent new major or minor version release) while the full offline setups for Windows from www.mozilla.org/firefox/all/ rarely gets false positives in comparison.

AntonyMagnus said

The only conclusion I can draw from this is Mozilla was somehow hacked or Mozilla is up to some nefarious deeds with end users. Either way I would like people to know and be aware.

False positives happens every so often with new major or minor Firefox versions on Windows, especially after release or update and then gets fixed in a definitions update for antivirus client.

If this trojan claim was was indeed true then this would not be the only thread and would be a hot top here, at independent mozillaZine forums and elsewhere.

Except for many years ago (15+ ?) a contrib locale build of a Firefox Release perhaps being infected as Firefox did not have other locales officially for Releases until it got to version 1.0, there has not been any official builds of Firefox for Windows, Mac OSX, or Linux that did indeed come with something like a trojan or virus or such.

Thanks for your replies, I had no idea that it was a false positive. I figured it was but to be on the safe side I submitted the file to my own AV for analysis. I also thought it would be prudent to let Mozilla know of this potential breach. The file appeared to be legit and signed, but... you never know. It also pays in the end for everybody if Mozilla reviews its security. So this could be a good thing too?.

In another side note and somewhat off topic I also downloaded Comodo Dragon browser and had similar findings. Ikarus reported infections and I also reported it to them.

Lastly yes, I did use Virus Total I do it for all files now no matter what. I also utilize OPSWAT.

Thanks again!