Mozilla has got to be happy that their Firefox 3 web browser has received over 12 million downloads since Tuesday, but it took only five hours for the browser’s first critical vulnerability to be discovered. Luckily, details about the vulnerability have not been made public, and Mozilla has said that there’s no known exploit for the bug at this time.

At this point very little is known about the vulnerability other than the fact that you would have to click on a link to initiate it:

Successful exploitation of the vulnerability could allow an attacker to execute arbitrary code. Not unlike most browser based vulnerabilities that we see these days, user interaction is required such as clicking on a link in email or visiting a malicious web page.

For those of you running Firefox 2 still… you’re not immune to this either. This affects both Firefox 2 and Firefox 3, and Mozilla is already working on a patch to plug the hole. I guess that means you’ll want to exercise caution when clicking on unknown links, but then again you should always be doing that. ;)

Mozilla Blog [via CNet]

There Are 17 Comments

  1. Brings new meaning to the phrase ‘You build it, they will come.’

  2. s wrote:
    use sandboxie

    That would definitely help, but a very small amount of Firefox users probably actually use Sandboxie.

    The Guru wrote:
    Brings new meaning to the phrase ‘You build it, they will come.’

    :D It sure does!

  3. I have a feeling the anonymous tipster behind it waited until the Firefox 3.0 release in order to rain on Mozilla’s parade as he may have found it a while ago in RC or Beta earlier as RC2 on Windows/Linux is the same as Final for example as RC3 was mainly for Mac.

  4. James wrote:
    I have a feeling the anonymous tipster behind it waited until the Firefox 3.0 release in order to rain on Mozilla’s parade as he may have found it a while ago in RC or Beta earlier as RC2 on Windows/Linux is the same as Final for example as RC3 was mainly for Mac.

    That’s exactly what happened. That person just wanted his few seconds of ‘fame’.

    For a good write-up, check this site: [robert.accettura.com]

  5. IE7 version of this news report:

    IE7 IS NOT SECURE!

    No one has downloaded IE7 since Tuesday, but it took only five seconds for the browser’s first critical vulnerability to be discovered. Details about the vulnerability can be viewed through MSDN, and Linux fanboys has said that there’s over 100 known exploits for the bug at this time.

    At this point very much is known about the vulnerability and you just would have to click on a link to initiate it:

    Successful exploitation of the vulnerability could allow an attacker to execute arbitrary code. It works just by clicking on a link in email or visiting a malicious web page.

    Only god knows when a patch is available to plug the hole. Total FAILURE! MS is so pathetic! Download Firefox!

    This site is the best because it is not a site like that (like pathetic theinquirer.net for example).

  6. Smithers (first one)
    Smithers wrote:
    IE7 version of this news report:

    IE7 IS NOT SECURE!

    No one has downloaded IE7 since Tuesday, but it took only five seconds for the browser’s first critical vulnerability to be discovered. Details about the vulnerability can be viewed through MSDN, and Linux fanboys has said that there’s over 100 known exploits for the bug at this time.

    At this point very much is known about the vulnerability and you just would have to click on a link to initiate it:

    Successful exploitation of the vulnerability could allow an attacker to execute arbitrary code. It works just by clicking on a link in email or visiting a malicious web page.

    Only god knows when a patch is available to plug the hole. Total FAILURE! MS is so pathetic! Download Firefox!

    This site is the best because it is not a site like that (like pathetic theinquirer.net for example).

    Please stop posting under my alias… :|

  7. The final product crashes more than the beta!!!!

  8. Hehe sorry man :)

    That nick was automatically filled so I did not mean to use your nick… Did you know that mr. Smithers is gay? ;)

  9. Well the new FF3 sucks… the whole font rendering system is horrible the fonts constantly changing size and appears all whacked when it shouldn’t, already uninstalled and went back to FF2 since it doesn’t have this problem!

  10. Andrew wrote:
    Well the new FF3 sucks… the whole font rendering system is horrible the fonts constantly changing size and appears all whacked when it shouldn’t, already uninstalled and went back to FF2 since it doesn’t have this problem!

    huh??

    i’m a bit sensitive to font issues myself, but i have no idea what you’re talking about.

    so far i’m loving FF3.

  11. James wrote:
    I have a feeling the anonymous tipster behind it waited until the Firefox 3.0 release in order to rain on Mozilla’s parade as he may have found it a while ago in RC or Beta earlier as RC2 on Windows/Linux is the same as Final for example as RC3 was mainly for Mac.

    I’m sure that’s exactly what happened, which is unfortunate. I guess we just have to be happy that it wasn’t publicly disclosed.

    Ken wrote:
    The final product crashes more than the beta!!!!

    You might want to try starting with a fresh profile… I haven’t had Firefox 3 crash on me in months.

  12. Ryan wrote:
    Ken wrote:
    The final product crashes more than the beta!!!!

    You might want to try starting with a fresh profile… I haven’t had Firefox 3 crash on me in months.

    You are not trying hard enough. :P

  13. Firefox 2.0.0.15 has been pushed back to July 1st because of this. A respin was just done on Friday, June 20th.

  14. The Guru wrote:
    Firefox 2.0.0.15 has been pushed back to July 1st because of this. A respin was just done on Friday, June 20th.

    Interesting that the release got pushed back because of this. You would have thought that this would bring the 2.0.0.15 release even sooner. Heck, even Flock grabbed the patch from Mozilla’s servers, incorporated it into their current version, and already posted the new release.

  15. Latest version- Firefox 7 is awesome <3<3<3 I luv firefox!
