News

Vulnerability Found in New Firefox Browser

It took only five hours from the release of Firefox version 3.0 for a researcher to report a critical vulnerability in the open source browser.

The Zero Day Initiative of TippingPoint Technologies, which received the vulnerability hours after the new browser's June 17 release, said the vulnerability is a critical one that an attacker could exploit to execute arbitrary code on the compromised computer.

The Zero Day Initiative is a clearinghouse program that pays researchers for newly discovered vulnerabilities and passes them to vendors so that they can make fixes or issue patches created before the vulnerabilities become public.

The volunteer Mozilla project developed Firefox version 3, which is the fourth major release of the browser. The project said there are more than 15,000 improvements in the latest version, including a smart location bar, the ability to zoom in on a portion of a Web page, improved security and an integrated tool to manage add-ons. It also requires less memory.

According to TippingPoint, the vulnerability affects version 3.0 and 2.0x of the browser, meaning developers did not introduce it in the new release. It has been reported to the Mozilla project, which is working on a fix.

"Not unlike most browser-based vulnerabilities that we see these days, user interaction is required, such as clicking on a link in e-mail or visiting a malicious Web page," TippingPoint reported.

It is not releasing any other details of the vulnerability until a fix is available from Mozilla. The company will report the fix once it has been released.

About the Author

William Jackson is the senior writer for Government Computer News (GCN.com).

Featured

  • Old Stone Wall Graphic

    Microsoft Addressing 36 Vulnerabilities in December Security Patch Release

    Microsoft on Tuesday delivered its December bundle of security patches, which affect Windows, Internet Explorer, Office, Skype for Business, SQL Server and Visual Studio.

  • Microsoft Nudging Out Classic SharePoint Blogs

    So-called "classic" blogs used by SharePoint Online subscribers are on their way toward "retirement," according to Dec. 4 Microsoft Message Center post.

  • Datacenters in Space: OrbitsEdge Partners with HPE

    A Florida-based startup is partnering with Hewlett Packard Enterprise in a deal that gives new meaning to the "edge" in edge computing.

  • Windows 10 Hyper-V vs. Windows Server Hyper-V: Which Platform for Which Workloads?

    The differences between these two Hyper-V versions are pretty significant, depending on what you plan to use them for. Here's a quick rundown of each platform, from their features to licensing quirks to intended use cases.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.