Mozilla said Wednesday that it is investigating a new, vulnerability in Firefox 3 web browser that could permit an attacker to crash a victim's browser.
The flaw, reported by application delivery solutions provider Radware, could result in a denial-of-service condition if a user is successfully led to the exploit website, the company said in a news release.
The bug is caused by a null pointer dereference error in Firefox's content layout component, according to the Mozilla Security Blog. This means that when an application dereferences a pointer, or a programming language data type that points to an object, it expects it to be valid -- but on a malicious page it would be null.
While Radware says an exploit would lead to the loss of any unsaved information, Mozilla said it includes a feature in Firefox that restores the browser if it crashes, likely resulting in the restoration of any data.
Mozilla said it has assigned a "low" severity rating to the bug and will continue to investigate.
Firefox 3 was released in June.
Mozilla warns of low-risk DoS vulnerability in Firefox 3
By
Dan Kaplan
on
Jul 31, 2008 10:05AM
Mozilla is investigating a new, low-risk vulnerability in its recently released Firefox 3 web browser that could permit an attacker to crash a victim's browser.
Got a news tip for our journalists? Share it with us anonymously here.
Sponsored Whitepapers
Free eBook: Digital Transformation 101 – for banks
Why financial services need to tackle their Middle Office
Learn: The latest way to transfer files between customers
Extracting the value of data using Unified Observability
Planning before the breach: You can’t protect what you can’t see