Browser manufacturer Mozilla is working on a fix for yet another critical zero-day vulnerability in its Firefox software, a flaw that cyber criminals are using to install Trojans on victims' PCs.
Norwegian security vendor Norman ASA was the first to discover the flaw in Firefox 3.5 and 3.6, the latest version, after identifying new malware infecting the Nobel Prize site early on Tuesday.
If users of these versions of Firefox visited the site while the attack was active, the Trojan would have covertly installed itself on their PC, Norman ASA explained.
The malware would then attempt to connect to two internet addresses which point to a server in Taiwan. If the connection was successful, the perpetrator would gain access to the infected PC.
In an update on the Mozilla security blog, the browser maker said that the Nobel site is now being blocked by Firefox's built-in malware protection.
"However, the exploit code could still be live on other web sites," the firm said. "We have diagnosed the issue and are currently developing a fix which will be pushed out to Firefox users as soon as the fix has been properly tested."
There are no other reported attempts to exploit this flaw at present.
Only last week, Mozilla updated Firefox to fix nine security flaws, including five remote code execution vulnerabilities which, if exploited, could allow attackers to remotely install malware on a targeted system.