Just 5 hours after the official release of the latest refresh of Mozilla's flagship browser, an unnamed researcher has sold a critical code execution vulnerability that puts all Firefox 3.0 users at risk of PC takeover attacks.
According to a note from TippingPoint's Zero Day Initiative (ZDI), a company that buys exclusive rights to software vulnerability data, the Firefox 3.0 bug also affects earlier versions of Firefox 2.0x.
Technical details are being kept under wraps until Mozilla's security team ships a patch.
According to ZDI's alert, it should be considered a high-severity risk:
"Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code, permitting the attacker to completely take over the vulnerable process, potentially allowing the machine running the process to be completely controlled by the attacker".