Firefox 3 Vulnerability Rains on Mozilla Download Parade

June 19th, 2008 | Category: Technology News

For all the hype by how many society downloaded Mozilla’s Firefox 3 open-source browser in a five-hour period, there is now hype about how distant it took defense researchers to reveal a flaw.

Five hours after Mozilla officially released the much-anticipated update, Tipping Point confirmed a vulnerability. Tipping Point’s Zero Day Initiative program received notification about a critical vulnerability affecting both Firefox 3 and Firefox 2.

“We verified the vulnerability in our lab, acquired it from the researcher, thereupon promptly reported the vulnerability to the Mozilla safety measure team shortly after,” Tipping Point wrote in its Digital Vaccine Laboratories blog.

“Successful exploitation of the vulnerability could allow an attacker to execute arbitrary cipher,” the company said. “Not unlike most browser-based vulnerabilities that we see these days, user interaction is needed, such as clicking on a link in e-mail or visiting a malicious Web page.”

Take All Normal Precautions

Mozilla is working on a fix, and Tipping Point

isn’t saying much else until a patch is available. So just how serious is the threat? It’s difficult to say for certain, according to Carole Theriault, a protection researcher at Sophos, considering there’s not much detailed info on the threat.

However, she said, it would be sensible to take the normal precautions that citizens are advised to take: Visit only reputable Web sites, patch protection vulnerabilities, and put that patch in place as soon as Mozilla makes it available.

“Companies that are concerned that their users are dashing out and installing the new browser should consider controlling what browser and version can be used in the company,” Theriault said. Tools like Sophos’ Application Control allow administrators to control browser usage within the network, ensuring that the network is not at unnecessary risk.

Was Mozilla Set Up?

It’s not strange for bug reports to emerge in the wake of newly released software, particularly…

Orginal post by Mike

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Netvouz
  • DZone
  • ThisNext
  • MisterWong
  • Wists

Related Articles
  • Firefox Downloads Exceed 1.6 Million on First Day
  • Firefox 3.1 Beta 1 available for download
  • Mozilla Ready to Launch Firefox 3 into Browser Wars
  • Firefox Issues Rash of defense Fixes
  • Firefox Leads Surge of Web Browsing Competition

    • No comments yet. Be the first.

    Leave a reply