Daily cyber threats and internet security news: network security, online safety and latest security alerts
June 18th, 2008

New Firefox 3.0 Is Vulnerable To High-Severity Code Execution

A code execution vulnerability found in the latest Firefox 3.0 could allow an attacker to execute arbitrary code and completely take over the vulnerable process, potentially giving the attacker full control of the machine running it. The flaw found in Firefox 3.0 is considered a high-severity risk and affects earlier versions of Firefox 2, including the latest

Several hours after the official release, an unnamed researcher sold a critical code execution vulnerability to TippingPoint’s Zero Day Initiative (ZDI), a company that buys exclusive rights to software vulnerability data. The vulnerability puts Firefox 3.0 users at risk of PC takeover and malware infection attacks.

Technical details are being withheld until Mozilla’s security team develops a patch. TippingPoint researchers continue to study the flaw to determine whether user interaction, such as clicking on a link or visiting a malicious web page, is required for successful exploitation.

Until there is a patch, Firefox users should avoid clicking on links that arrive via e-mail or in IM messages from unknown or suspicious sources. At this point, there are no reports of this issue being exploited.
