The security research company TippingPoint has reported on its DVLabs blog that, five hours after the official release of Firefox 3, an anonymous researcher submitted information about a critical vulnerability affecting Firefox 3.0 as well as prior versions of Firefox 2.0.x.
TippingPoint has classified the vulnerability as critical, which means that successful exploitation of the flaw could allow an attacker to execute arbitrary code. As with most browser-based vulnerabilities, user interaction is required, such as clicking on a link in an email or visiting a malicious web page.
After receiving the tip from the anonymous researcher, TippingPoint verified the vulnerability in its lab and reported it to the Mozilla security team shortly after.
Mozilla confirmed the vulnerability, but in a blog post the company explained that users are not exposed to any risk, because the details of the vulnerability are private and there is no public exploit. However, a patch is expected in the next few days.
Still, it is hard to believe that the vulnerability will spoil Mozilla’s party. Yesterday the company gave an impressive demonstration of the popularity of its browser and the dedication of its fans.