Mozilla has warned about a critical zero-day vulnerability affecting Firefox 3.5 and Firefox 3.6 users.
“We have received reports from several security research firms that have found exploit code leveraging this vulnerability in the wild,” Mozilla said on its security blog.
According to Mozilla, the problem first surfaced on the Nobel Peace Prize website. Access to that site has now been blocked, but the browser developer warned that other sites could be infected and said “users who visited an infected site could have been affected by the malware”.
One of the companies that reported the weakness, security firm Norman, said computers infected with the Trojan tried to connect to control machines in Asia.
“The malware would attempt to connect to two internet addresses, both of which point to a server in Taiwan,” the company reported.
“If the connection was successful, the attacker would have access to the infected computer and this Trojan could be active on other websites.”
Mozilla said it was working on a fix for the vulnerability, which would be pushed out to users when ready.