Firefox 3 suffers its first vulnerability

Less than one day after its launch, Firefox 3 has a vulnerability.

According to Tipping Point's Zero Day Initiative, the vulnerability, which it rates as critical, was reported within the first five hours of Firefox 3's release.

"Once the vulnerability was verified in TippingPoint's DVLabs and acquired from the researcher, the vulnerability was promptly reported to the Mozilla security team," said a representative.

Although the Zero Day Initiative team does not offer specifics until the vendor has a chance to patch it, the blog post did say this vulnerability, which also affects Firefox 2, requires user interaction and could result in an attacker executing arbitrary code.

Mozilla is reported to be working on a fix.

The Zero Day Initiative has been criticized in the past for paying researchers who find vulnerabilities.

[CSharpZealot]

That's hillariously ironic seeing as i just saw an interview with the design director (believe that was his title) from Firefox in regards to the download record they're trying to set..

in the interview the *** mentioned that FF was the most secure browser and they've fixed 15000 issues ..yada yada yada..since this is the same security flaw that's exploitable in FF2, how come it wasn't addressed in the list of fixes?

shame on you!

[Lerianis]

Not surprised by this. Firefox is meant to be more secure than IE, but there is absolutely NO way that they could anticipate all the ways that someone could infect a system or exploit their software. Though, if this requires 'User interaction'..... I wouldn't mark this as critical, unless it means that you just have to click on a link and BOOM! You're infected by malware/spyware.

[pjhenry1216]

I find it somewhat coincidental that they never found this flaw which also existed in firefox 2 until the day firefox 3 launches. I would not be the least bit surprised if they sat on the bug until firefox 3 came out to see if it still existed and then sent out their little memo just to get headlines.

[groink_hi]

As long as the vulnerability is also in version 2.x. The title of the article made it sound like the vulnerability was added to 3.0, rather than being inherited from an earlier version.

[groink_hi]

As long as the vulnerability is also in version 2.x. The title of the article made it sound like the vulnerability was added to 3.0, rather than being inherited from an earlier version.

[NewsReader_]

Wow. There are now 8 million+ potential victims out there.

It does not matter if the vulnerability was already there. If Firefox 3 is so much better, why didn't it get fixed.

How embarrassing.

[gggg sssss]

ROTFLMAO while typing this in IE&

[drhowarddrfine]

ROTFLMAO at the Windows users making comments above who have more than 3x the vulnerabilities of any other browser.

[ferretboy88]

Who cares if they pay people to find attacks.

[Kwasiowusu]

Very funny. What delicious irony. The much vaunted "super secure" Firefix suffers from a security vulnerability that existed in Firefox 2 in les than 24 hours after launch. What a joke! If new version of IE had such a big and obvious security hole within a day of launching, the open source crazies would be all over this board, insanely screaming about how open source is "inherently more score", and how "Microsoft sucks". I can barely control my luaghter. LMAO!

[Tbird1996]

..ok...it's better than anything that MS has to offer. Mac guys...sorry you're soooo insignificant...and when Linux get just a little further down the road...we'll all be better for it.
(why do the Mac people trash Linux so badly when their OS is based on Linux...?' eh?)

[Tbird1996]

..ok...it's better than anything that MS has to offer. Mac guys...sorry you're soooo insignificant...and when Linux get just a little further down the road...we'll all be better for it.
(why do the Mac people trash Linux so badly when their OS is based on Linux...?' eh?)

[The_Decider]

At least Windows fans are consistently idiotic. More secure doesn't mean flawless. It means it is more secure then IE. That is fact. Deal with it, grow up, and stop letting MS do your thinking for you.

[FrankTurd]

Too funny. All the hype and Firefox 3 puts the users are risk right off the bat. What a piece of crap. Security my butt.

[DJRWolf]

Early security bugs like this is one of the reasons why I have not upgraded yet. The other being I'm waiting for add-on's to update to 3 from 2.

[rklrkl]

I defniitely think whoever found this flaw sat on it, potentially for weeks, until the Firefox 3 final version was released to get maximum publicity. Not only does Firefox 2 have this flaw, but so would all the many Firefox 3 pre-releases, especially the release candidates. Remember that the Firefox 3 final build date was actually 29th May on Windows/Linux, some 3 weeks before the final was formally released. If the flaw discoverer sat on the bug without telling Mozilla for weeks, then that's gross negligence and unless someone can prove otherwise, I think that's the far more likely scenario.

[pretenderkc]

folks, let me just make it simple.
FF or IE or whatever, there will be always a FLAW.
software is designed and written by human.
and human ain't perfect and that's the weak link.
one might claim otherwise.

there are people who enemy #1 to Microsoft but you have to thank Microsoft for what computer became today.
true that Microsoft might step on a foot here and there, low punch here and there, but think about it, which company at Microsoft position didn't play the same trick?
and this is true for other industry as well....including politicians.

considering that IE is the top guy, u know there are a lot of people who want to topple it.

yesterday was the first time i checked out FF.
downloaded it.
installed it.
play wth it for a couple hrs.
uninstall it on the same day!!!
FF can't even render the webpage correctly.
FF will always be like Linux.
fun to play with but if u want something productive, it will be always Microsoft.

though, i have to praise the folks at FF and others like Linux and MicroSystem.
without them, Microsoft wouldn't move their big ass to improve their product.
so, competition is good for the consumer.

long live the REVOLUTION!!!!

[Pharaoh630]

No application, software, etc. is ever 100% secure. This is no surprise, that's why patches are made available to users. Hopefully they're able to correct the vulnerability in a timely fashion, before users fall victim to malicious code.

[Philstera]

How embarrassing

[james.grimes]

pjhenry1216, I agree. There is just too much of a coincidence there. It seems very fishy.

Kwasiowusu, use a spell checker. And yes, they even have them available for those whom would rather use closed-source Internet Exploder (sorry, I meant Explorer)