Firefox 3 vulnerability found
Five hours after Mozilla officially released Firefox 3.0, researchers found a vulnerability in the new browser.
Tipping Point has verified the bug and reported it to Mozilla, Tipping Point said on Wednesday.
Since Mozilla is still working on a fix, the researchers won't share details about the problem. Tipping Point ranked the severity of the vulnerability as high, but said that users would have to click on a link in an e-mail or visit a malicious Web page before being affected. The issue affects users of Firefox 3.0 as well as Firefox 2.0.
Once the problem is fixed, Tipping Point will publish an advisory on its Web site, it said.
Tipping Point found out about the vulnerability through its Zero Day Initiative, which lets researchers earn cash by submitting new vulnerabilities to the company. Once Tipping Point validates the issue, it pays the researcher for the information and notifies the relevant software vendor of the technical details.
Mozilla did not respond to a request for comment.
Mozilla launched its newest browser on Tuesday along with a marketing stunt that went a bit wrong. The company announced that it wanted to set a Guinness World Record for the largest number of software downloads in a 24-hour period. However, the volume of downloads crippled Mozilla's site, and so customers in the U.S. couldn't begin downloading the software until two hours later than expected. Still, Mozilla said it logged more than 8 million downloads within 24 hours. There is currently no record for number of software downloads in a day, but Mozilla must now wait for review of the stunt by Guinness officials.
IDG News Service
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
firefox
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
