Five hours after Firefox 3 was released to the public, security firm Tipping Point claims to have found a critical security flaw, which could affect any Firefox 2.0x or Firefox 3 simply by clicking on a malicious link. Exploitation of the vulnerability could allow an attacker to execute arbitrary code.
Tipping Point said that it will not share any details about the problem since Mozilla is currently working on a fix. The discovery of vulnerability coincided with the release of Firefox 3, downloaded by more than 8 million people in the first 24 hours of its release.
The severity of this vulnerability is ranked as “high”, but an exploit requires user interaction such as clicking on a link in email or visiting a malicious web page. Once the issue is patched, Tipping Point said it will publish an advisory. The organization expects Mozilla to move swiftly into action and release the fix as soon as possible. "Working with Mozilla on past security issues, we've found them to have a good track record and expect a reasonable turnaround on this issue as well," said Tipping Point.