Mozilla has got to be happy that they’re Firefox 3 web browser has received over 12 million downloads since Tuesday, but it took only five hours for the browser’s first critical vulnerability to be discovered. Luckily details about the vulnerability have not been made public, and Mozilla has said that there’s no known exploit for the bug at this time.
At this point very little is known about the vulnerability other than the fact that you would have to click on a link to initiate it:
Successful exploitation of the vulnerability could allow an attacker to execute arbitrary code. Not unlike most browser based vulnerabilities that we see these days, user interaction is required such as clicking on a link in email or visiting a malicious web page.
For those of you running Firefox 2 still… you’re not immune to this either. This affects both Firefox 2 and Firefox 3, and Mozilla is already working on a patch to plug the hole. I guess that means you’ll want to exercise caution when clicking on unknown links, but then again you should always be doing that. ;)