By Dan Goodin in San Francisco
26th March 2009
Mozilla's security team is rushing out a fix for its flagship Mozilla
browser following the public release of attack code that targets a
previously unknown vulnerability.
The exploit was released Wednesday online. It attacks a vulnerability
present on Windows, Mac and Linux versions of the browser and could be
used to surreptitiously execute malware on the machines of users who
browse booby-trapped websites. The flaw is classified as a boundary
condition error that targets Firefox's XML parsing features according to
This is the second critical vulnerability in Firefox to come to light in
as many weeks. Last week, a master's candidate from the University of
Oldenburg in Germany unveiled a separate vulnerability that allowed him
to compromise the browser's security. At time of writing, there were no
reports that attackers were exploiting either vulnerability, but there's
nothing stopping a determined miscreant from modifying Wednesday's
release into working attack.
Mozilla intends to fix both vulnerabilities in the version 3.0.8, which
is due for release on April 1, Mozilla says here. Mozilla developers are
characterizing it as a "high-priority firedrill security update."
Best Selling Security Books and More!