The flaw, reported by application delivery solutions provider Radware, could result in a denial-of-service condition if a user is successfully led to the exploit website, the company said in a news release.
The bug is caused by a null pointer dereference error in Firefox's content layout component, according to the Mozilla Security Blog. This means that when an application dereferences a pointer, or a programming language data type that points to an object, it expects it to be valid -- but on a malicious page it would be null.
While Radware says an exploit would lead to the loss of any unsaved information, Mozilla said it includes a feature in Firefox that restores the browser if it crashes, likely resulting in the restoration of any data.
Mozilla said it has assigned a "low" severity rating to the bug and will continue to investigate.
Firefox 3 was released in June.
.jpg&h=140&w=231&c=1&s=0)
_(39).jpg&w=100&c=1&s=0)
iTnews Executive Retreat - Data & AI Edition
.png&w=120&c=1&s=0)
iTnews Cloud Covered Breakfast Summit
iTnews State of Security Breakfast
The 2026 iAwards
.jpg&w=120&c=1&s=0)
Integrate 2026
_(1).jpg&h=140&w=231&c=1&s=0)
