Browser manufacturer Mozilla is working on a fix for yet another critical zero-day vulnerability in its Firefox software, which is being used by cyber criminals to install Trojans on victims' PCs.
Norwegian security vendor Norman ASA was the first to discover the flaw in Firefox 3.5 and 3.6, the latest version, after identifying new malware infecting the Nobel Prize site early on Tuesday.
If users of these versions of Firefox visited the site while the attack was active, the Trojan would have covertly installed itself on their PC, Norman ASA explained.
The malware would then attempt to connect to two internet addresses which point to a server in Taiwan. If the connection was successful, the perpetrator would gain access to the infected PC.
In an update on the Mozilla security blog, the browser maker said that the Nobel site is now being blocked by Firefox's built-in malware protection.
"However, the exploit code could still be live on other web sites," the firm said. "We have diagnosed the issue and are currently developing a fix which will be pushed out to Firefox users as soon as the fix has been properly tested."
There are no other reported attempts to exploit this flaw at present.
Only last week, Mozilla updated Firefox to fix nine security flaws, including five remote code execution vulnerabilities which, if exploited, could allow attackers to remotely install malware on a targeted system.
Dust storm on Titan only the third Solar System body where such storms have been observed
New technique could enable quantum computers to scale-up to millions of qubits
Systrom and Krieger taking time off "to explore our curiosity and creativity"
Comcast's £29.7bn winning bid more than twice the £13.7bn Rupert Murdoch valued Sky at just eight years ago