Since the new release of popular web browser Mozilla Firefox 3.0, over 14 million downloads have been registered by the counter posted on the Spread Firefox website. But just in a few hours (about five) after the Mozilla Firefox 3.0 was made available to the public, security flaws have been reported.
TippingPoint, a provider of network-based intrusion prevention systems, was informed about existing security issues in Mozilla Firefox 3.0 through its program Zero Day Initiative (ZDI) that rewards security researchers for exclusive information disclosing vulnerabilities founded in software products.
Even the new security features of Firefox 3.0 have the main priority to maintain personal information safe and to protect users from phishing and malware, TippingPoint confirms the existence of a critical vulnerability of high severity that affects Mozilla Firefox 3.0 (ZDI ID: ZDI-CAN-349) and prior versions of Firefox 2.0.x: “We verified the vulnerability in our lab, acquired it from the researcher, then promptly reported the vulnerability to the Mozilla security team shortly after. Successful exploitation of the vulnerability could allow an attacker to execute arbitrary code. Not unlike most browser based vulnerabilities that we see these days, user interaction is required such as clicking on a link in email or visiting a malicious web page.”