Security Flaw In Firefox 3 Leaves Browser Open To Attack

Mozilla Firefox 3.0 may be new but it might not be secure. Just five hours after Mozilla's release of the updated Web browser Tuesday, researchers at TippingPoint detected a critical security vulnerability in Firefox 3.0, allowing remote attackers to take control of a user's PC.

In addition to Firefox 3.0, the security flaw also affects previous versions of Firefox 2.0x.

As with most zero-day vulnerabilities, remote attackers could execute malicious code on a user's computer if they successfully exploited the flaw, according to a TippingPoint blog post. Consequently, TippingPoint researchers designated the error with a "high" severity rating.

However, like most browser-based vulnerabilities, a successful attack would also require active user participation. An attacker would have to entice a user to click on a malicious link sent in a phishing e-mail or to visit a malicious Website for the user's computer to become infected.

According to the company's Zero-Day Initiative Website, TippingPoint has already contacted Mozilla regarding the issue and a fix is currently in the works. However, the exact patch release date remains to be determined.

Once the vulnerability is repaired, TippingPoint said it planned to publish the security advisory on the "Published Advisory" page on its Website.

"Working with Mozilla on past security issues, we've found them to have a good track record and expect a reasonable turnaround on this issue as well," said TippingPoint.