Millions of downloads leads to first critical bug in Firefox 3

Powered by SC Magazine
 

As the Mozilla community marched toward a supposed world record of downloads of Firefox 3, researchers from TippingPoint announced a critical vulnerability affecting the day-old browser.

As the Mozilla community marched toward a supposed world record of downloads of Firefox 3, researchers from TippingPoint announced a critical vulnerability affecting the day-old browser.

TippingPoint announced on Wednesday that, just hours after Firefox was officially released on Tuesday, a researcher notified the security firm of the first publicly known vulnerability in Firefox 3.

According to tracking firm Secunia, the "highly critical" vulnerability is caused by an unknown error and can be remotely exploited to execute malicious code. TippingPoint, which purchased the vulnerability as part of its Zero-Day Initiative program, declined to release specifics until Firefox issues a patch.

The flaw not only exists in the new version of the browser but also affects Firefox 2.0 versions, Secunia said. User interaction is required for exploit, meaning a victim must visit a malicious website or click on a bogus link.

Window Snyder, the security chief at Mozilla, wrote Wednesday on the Mozilla security blog that the company is investigating.

"To protect our users, the details of the issue will remain closed until a patch is made available," she said. "There is no public exploit, the details are private, and so the risk to users is minimal."

It is not surprising that a bug was disclosed just hours after Firefox 3 was launched, Terri Forslof, manager of security response at TippingPoint, told SCMagazineUS.com on Thursday. Researchers who discover a vulnerability in prior versions often hold onto it to see if it still affects the new release.

In this case, it did.

Forslof said that as users await a fix, they should follow traditional safe computing practices.

"Don't click on links in emails from untrusted sources," Forslof said. "Don't visit websites that you didn't directly intend to go to. Just use good common sense while surfing the web."

Firefox 3 includes enhanced security features, such as blocking sites known to be distributing malware.

Mozilla reported Wednesday afternoon that Firefox 3 had been downloaded some 8.3 million times within 24 hours of its release. The company was shooting for a new Guinness World Record.

See original article on scmagazineus.com

Copyright © SC Magazine, US edition


Millions of downloads leads to first critical bug in Firefox 3
 
 
 
Top Stories
Meet FABACUS, Westpac's first computer
GE225 operators celebrate gold anniversary.
 
NSW Govt gets ready to throw out the floppy disks
[Opinion] Dominic Perrottet says its time for government to catch up.
 
iiNet facing new copyright battle with Hollywood
Fighting to protect customer details.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  26%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  21%
 
End user computing (desktops, mobiles, apps)
  15%
 
Software development
  26%
TOTAL VOTES: 337

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  57%
 
No
  43%
TOTAL VOTES: 141

Vote