This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

ClamXav reports Xml.Exploit.CVE_2013_3860-3 infection in the Firefox 48.0.1 MacOS app

  • 1 reply
  • 3 have this problem
  • 1 view
  • Last reply by John99

more options

update today to 48.0.1 on Mac, ClamXav reports infection 'File Name Infection Name Status /Applications/Firefox.app Xml.Exploit.CVE_2013_3860-3' Deleted firefox and downloaded/installed new from this site but ClamXav again reports same infection ?whether real or relevant

update today to 48.0.1 on Mac, ClamXav reports infection 'File Name Infection Name Status /Applications/Firefox.app Xml.Exploit.CVE_2013_3860-3' Deleted firefox and downloaded/installed new from this site but ClamXav again reports same infection ?whether real or relevant

Chosen solution

This is not a definitive answer. I am not even a Mac user.

Official Mozilla Firefox downloads have As Far As I Know never contained malware they have however occasionally triggered false positives, which I imagine is what is happening here.

Also if that malware is the same as https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3860 it looks like it is something that affects only Windows so it should not be any immediate problem on a Mac.

The official download site would be

You would presumably have initially got an update using the installed Firefox, there is just a possibility that is corrupt (or settings are corrupt)

If you wish to you could try what we call a clean reinstall where the original application files are trashed before reinstalling. However from what you say I presume the problem is only detected after the new Fx48.0.1 is installed and that your download would have been from an official site as you said.

Read this answer in context 👍 1

All Replies (1)

more options

Chosen Solution

This is not a definitive answer. I am not even a Mac user.

Official Mozilla Firefox downloads have As Far As I Know never contained malware they have however occasionally triggered false positives, which I imagine is what is happening here.

Also if that malware is the same as https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3860 it looks like it is something that affects only Windows so it should not be any immediate problem on a Mac.

The official download site would be

You would presumably have initially got an update using the installed Firefox, there is just a possibility that is corrupt (or settings are corrupt)

If you wish to you could try what we call a clean reinstall where the original application files are trashed before reinstalling. However from what you say I presume the problem is only detected after the new Fx48.0.1 is installed and that your download would have been from an official site as you said.