The flaw, reported by application delivery solutions provider Radware, could result in a denial-of-service condition if a user is successfully led to the exploit website, the company said in a news release.
The bug is caused by a null pointer dereference error in Firefox's content layout component, according to the Mozilla Security Blog. This means that when an application dereferences a pointer, or a programming language data type that points to an object, it expects it to be valid -- but on a malicious page it would be null.
While Radware says an exploit would lead to the loss of any unsaved information, Mozilla said it includes a feature in Firefox that restores the browser if it crashes, likely resulting in the restoration of any data.
Mozilla said it has assigned a "low" severity rating to the bug and will continue to investigate.
Firefox 3 was released in June.
.png&w=120&c=1&s=0)
Tech in Gov 2025
Forrester's Technology & Innovation Summit APAC 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
.jpg&h=271&w=480&c=1&s=1)
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
