Firefox 3 Receives Early Vulnerability Report
Only a few hours after Mozilla kicked off its Firefox Download Day, leading to over 8 million downloads in 24 hours, someone discovered and reported a critical security flaw in the browser.
Those who have work in the technology world for a few years likely share a similar view on adopting new products. The dot-zero release of software usually requires some type of fix or update, leading to an incremental release being necessary.
Unfortunately that’s going to prove true for Mozilla. Their quest for a world record in downloads in a 24-hour period looks secure. The browser does not share that same security.
TippingPoint splashed cold water on the Firefox debut, as it disclosed the existence of a critical flaw in the new version of Firefox, as well as Firefox 2. If exploited, the flaw would permit remote execution of arbitrary code.
“We verified the vulnerability in our lab, acquired it from the researcher, then promptly reported the vulnerability to the Mozilla security team shortly after,” said TippingPoint. They cited past, positive experience with Mozilla addressing security issues and expects this one to receive swift attention and resolution.
Though no details about the flaw will be made available until a patch has been released, TippingPoint did say the exploit would require user interaction, as is typical in browser flaws. Internet users should use the usual caution when confronted with an unfamiliar link, especially in email spam.