This kind of sucks. After all the ballyhoo yesterday regarding Firefox 3 and its 8.4 million downloads comes word of the first vulnerability in the browser, a zero day attack (see update here) that would allow an attacker to trick a user into executing their code, which could wreak all kinds of havoc on a computer.
The details of the hole aren’t given, so hacker types can’t take advantage of it. And the people behind Firefox, Mozilla, have been notified so they can patch it up, though there’s no word yet on when that update might come.
Zero day attacks are a popular way for malicious users to infect other computers with spyware, worms, trojans, and all sorts of nastiness. Hopefully this one gets patched up before someone not as nice as the Zero Day Initiative can exploit it.

Yup. They say the early bird gets the worm, but it’s the SECOND mouse that gets the cheese… Glad I waited (am waiting) to switch.
The vulnerability exists in Firefox 2 as well, so holding off on upgrading isn’t going to protect you from it.
It’s not a zero day attack. It’s a potential vulnerability known to the reporter and known to Mozilla. For it to be a zero day attack, it would have to be disclosed to the public and the bad guys. That’s not what happened here and it does a disservice to the responsible security researchers that are working with Mozilla on this issue to label them with that which is rightly reserved for irresponsible disclosure.