20 Jun 2008, Shaun Nichols, V3
Security researchers have wasted no time in prodding Firefox 3 for possible security holes.
Just five hours after the browser made its public debut, the first remote code execution vulnerability was reported.
Security firm Tipping Point revealed on Wednesday that it received the report via its Zero Day Initiative service shortly after the browser was released.
Tipping Point has declined to release the name of the researcher who discovered the flaw, and it is not disclosing any further details on the vulnerability until a patch is prepared.
However, the flaw is categorised as a 'critical' vulnerability that could allow an attacker to remotely execute code on a user's computer.
Tipping Point said that it had sent the report to Mozilla and that developers were currently working on a fix for the flaw.
The security company plans to disclose further details on the nature of the vulnerability once a patch has been issued. No attacks targeting the vulnerability in the wild have been reported.
Security firms F-Secure and Secunia both recommend that users mitigate the risk by following best practices such as avoiding suspicious links and steering clear of untrusted sites.
Why now?
I like that the reporter waited until now to report the issue rather than doing so sometime during the past 6-12 months when FF3 was in development and being bug tested.
Posted by Viper007Bond, 20 Jun 2008
wanting publicity and got it!
Why did this company wait until the release of the product before trumpeting this vulnerability? The beta version has been available for a long time. It feels like they were waiting for it to be released before telling what they had found in order to make their company look special. If they had submitted the issue when they first found it, like decent people, it would have been much more positive.
Posted by ukubuntu, 22 Jun 2008