First Security Flaw Found in Firefox 3

It has been an exciting week for Mozilla as well as for fans of its popular browser. The response to Firefox 3's public release was literally overwhelming, causing the servers to temporarily fold under pressure. This flurry of downloads not only exceeded Mozilla's expectations but earned Firefox 3 a Guinness World Record. As of Sunday evening, almost 17 million downloads had been tallied. Not all of the news has been positive, however, as details of a critical vulnerability were unveiled just hours after Firefox 3's release.

First reported to research organization TippingPoint DVLabs as part of their Zero Day Initiative, the vulnerability could allow an attacker to execute arbitrary code on a victim's machine. User interaction such as visiting a malicious Web page or clicking a specially crafted link is required in order for this flaw to be exploited. Other than the fact that it affects both the Firefox 2.0.x and 3.0 browsers, further information was not released. "To protect our users, the details of the issue will remain closed until a patch is made available," said Mozilla's Window Snyder on the company's security blog. "There is no public exploit, the details are private, and so the current risk to users is minimal."