Firefox critical vulnerability patched in 3.0.8, due next week
A new vulnerability has just been found in Firefox. The vulnerability, discovered by security researcher Guido Landi, was published on several security sites on Wednesday the 25th. The flaw could be used by an attacker to remotely execute code on a users machine using remote memory corruption after a user views a specially crafted malicious XML file.
Source code for the patch has already been created by the developers to be included in Firefox version 3.0.8, which has been deemed a "high-priority fire drill security update." Users who build their own Firefox binaries can apply the patch now, while most users will have to wait for the release of 3.0.8 binary versions. According to Mozilla developer notes, the vulnerability seems to affect Firefox versions 3.0 to 3.0.7 on all operating systems, including Linux and Mac. Blake Kaplan, one of the developers, said that the bug is rather obvious "once you see it."