Millions of downloads leads to first critical bug in Firefox 3

Powered by SC Magazine
 

As the Mozilla community marched toward a supposed world record of downloads of Firefox 3, researchers from TippingPoint announced a critical vulnerability affecting the day-old browser.

As the Mozilla community marched toward a supposed world record of downloads of Firefox 3, researchers from TippingPoint announced a critical vulnerability affecting the day-old browser.

TippingPoint announced on Wednesday that, just hours after Firefox was officially released on Tuesday, a researcher notified the security firm of the first publicly known vulnerability in Firefox 3.

According to tracking firm Secunia, the "highly critical" vulnerability is caused by an unknown error and can be remotely exploited to execute malicious code. TippingPoint, which purchased the vulnerability as part of its Zero-Day Initiative program, declined to release specifics until Firefox issues a patch.

The flaw not only exists in the new version of the browser but also affects Firefox 2.0 versions, Secunia said. User interaction is required for exploit, meaning a victim must visit a malicious website or click on a bogus link.

Window Snyder, the security chief at Mozilla, wrote Wednesday on the Mozilla security blog that the company is investigating.

"To protect our users, the details of the issue will remain closed until a patch is made available," she said. "There is no public exploit, the details are private, and so the risk to users is minimal."

It is not surprising that a bug was disclosed just hours after Firefox 3 was launched, Terri Forslof, manager of security response at TippingPoint, told SCMagazineUS.com on Thursday. Researchers who discover a vulnerability in prior versions often hold onto it to see if it still affects the new release.

In this case, it did.

Forslof said that as users await a fix, they should follow traditional safe computing practices.

"Don't click on links in emails from untrusted sources," Forslof said. "Don't visit websites that you didn't directly intend to go to. Just use good common sense while surfing the web."

Firefox 3 includes enhanced security features, such as blocking sites known to be distributing malware.

Mozilla reported Wednesday afternoon that Firefox 3 had been downloaded some 8.3 million times within 24 hours of its release. The company was shooting for a new Guinness World Record.

See original article on scmagazineus.com

Copyright © SC Magazine, US edition


Millions of downloads leads to first critical bug in Firefox 3
 
 
 
Top Stories
NBN Co names first 140 FTTN sites
National trial extended.
 
Cloud, big data propel bank CISOs into the boardroom
And this time, they are welcome.
 
Photos: A tour of CommBank's new innovation lab
Oculus Rift, Kinect and more.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  25%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  23%
 
End user computing (desktops, mobiles, apps)
  12%
 
Software development
  27%
TOTAL VOTES: 225

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  63%
 
No
  37%
TOTAL VOTES: 67

Vote