Just five hours after its launch, a vulnerability in the new Firefox 3 has been reported which could result in an attacker executing arbitrary code.
It was reported by Tipping Point’s Zero Day Initiative which says the vulnerability is not new and was also present in Firefox 2 which was not fixed. A company representative said:
Once the vulnerability was verified in TippingPoint’s DVLabs and acquired from the researcher, the vulnerability was promptly reported to the Mozilla security team.
No specific detail has been given by Zero Day Initiative team as it is their policy until the vendor fixes it although they say the vulnerability requires user interaction and could result in an attacker executing arbitrary code.
The official statement from Zero Point reads:
What we can confirm is that about five hours after the official release of Firefox 3.0 on June 17th, our Zero Day Initiative program received a critical vulnerability affecting Firefox 3.0 as well as prior versions of Firefox 2.0.x. We verified the vulnerability in our lab, acquired it from the researcher, then promptly reported the vulnerability to the Mozilla security team shortly after. Successful exploitation of the vulnerability could allow an attacker to execute arbitrary code. Not unlike most browser based vulnerabilities that we see these days, user interaction is required such as clicking on a link in email or visiting a malicious web page.
0 responses so far
There are no comments yet...Kick things off by filling out the form below.
You must log in to post a comment.