Millions of downloads leads to first critical bug in Firefox 3

Powered by SC Magazine
 

As the Mozilla community marched toward a supposed world record of downloads of Firefox 3, researchers from TippingPoint announced a critical vulnerability affecting the day-old browser.

As the Mozilla community marched toward a supposed world record of downloads of Firefox 3, researchers from TippingPoint announced a critical vulnerability affecting the day-old browser.

TippingPoint announced on Wednesday that, just hours after Firefox was officially released on Tuesday, a researcher notified the security firm of the first publicly known vulnerability in Firefox 3.

According to tracking firm Secunia, the "highly critical" vulnerability is caused by an unknown error and can be remotely exploited to execute malicious code. TippingPoint, which purchased the vulnerability as part of its Zero-Day Initiative program, declined to release specifics until Firefox issues a patch.

The flaw not only exists in the new version of the browser but also affects Firefox 2.0 versions, Secunia said. User interaction is required for exploit, meaning a victim must visit a malicious website or click on a bogus link.

Window Snyder, the security chief at Mozilla, wrote Wednesday on the Mozilla security blog that the company is investigating.

"To protect our users, the details of the issue will remain closed until a patch is made available," she said. "There is no public exploit, the details are private, and so the risk to users is minimal."

It is not surprising that a bug was disclosed just hours after Firefox 3 was launched, Terri Forslof, manager of security response at TippingPoint, told SCMagazineUS.com on Thursday. Researchers who discover a vulnerability in prior versions often hold onto it to see if it still affects the new release.

In this case, it did.

Forslof said that as users await a fix, they should follow traditional safe computing practices.

"Don't click on links in emails from untrusted sources," Forslof said. "Don't visit websites that you didn't directly intend to go to. Just use good common sense while surfing the web."

Firefox 3 includes enhanced security features, such as blocking sites known to be distributing malware.

Mozilla reported Wednesday afternoon that Firefox 3 had been downloaded some 8.3 million times within 24 hours of its release. The company was shooting for a new Guinness World Record.

See original article on scmagazineus.com

Copyright © SC Magazine, US edition


Millions of downloads leads to first critical bug in Firefox 3
 
 
 
Top Stories
Earning the right to innovate
Breaking down the barriers to innovation is a long, but rewarding process, says Bank of Queensland Group CIO, Julie Bale.
 
A call for timely reporting
[Blog post] Businesses need incentives to keep customer data secure.
 
Doubts cast on Queensland's ICT Dashboard
Opposition, former Govt CIO say it can't be trusted.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
What is delaying adoption of public cloud in your organisation?







   |   View results
Lock-in concerns
  27%
 
Application integration concerns
  3%
 
Security and compliance concerns
  29%
 
Unreliable network infrastructure
  9%
 
Data sovereignty concerns
  22%
 
Lack of stakeholder support
  3%
 
Protecting on-premise IT jobs
  5%
 
Difficulty transitioning CapEx budget into OpEx
  3%
TOTAL VOTES: 866

Vote