NEWS FROM THE LAB - Thursday, June 19, 2008

Firefox 3 Vulnerability Discovered Posted by Vulnerabilities @ 09:47 GMT

Firefox 3 has suffered its first reported code execution vulnerability.

Firefox 3 - http://www.mozilla.com

About five hours after its release, TippingPoint's Zero Day Initiative received a critical vulnerability affecting Firefox 3.0. Earlier versions of Firefox are also affected.

TippingPoint confirmed the vulnerability, got it from the researcher, then contacted Mozilla. A fix is now in progress. You can read more details from TippingPoint.

TippingPoint hasn't revealed any technical details of the vulnerability. They will not do so until a patch is available. The vulnerability requires some user interaction such as clicking on an e-mail link or visiting a malicious page.

There are no examples of this exploit in the wild so the best advice is to maintain best browsing practices while waiting for Mozilla's fix. And confirm that your Firefox is set to automatically update.

Firefox 3 Update Options

Signing off,