TippingPoint ZDI notified Mozilla of a vulnerability in Firefox that impacts versions 2.x and 3.0. This issue is currently under investigation. To protect our users, the details of the issue will remain closed until a patch is made available. There is no public exploit, the details are private, and so the current risk to users is minimal.
TippingPoint will also keep the details closed to protect Firefox users. From their blog post:
While Mozilla is working on a fix, we wont be divulging anything else until a patch is available, adhering to our vulnerability disclosure policy. Once the issue is patched, we’ll be publishing an advisory here. Working with Mozilla on past security issues, we’ve found them to have a good track record and expect a reasonable turnaround on this issue as well.
At Mozilla we appreciate any report of security issues because that is how we make the browser stronger and more secure. The best way to keep Firefox users safe is to report the issues directly to Mozilla as TippingPoint has chosen to, and to wait to release details until a fix is available.
lolo Irie wrote on
Michael Lefevre wrote on
Joseph wrote on
Palonek wrote on
Window Snyder wrote on
Fx3 wrote on
IT Dude wrote on
Alberto Ferrer wrote on
Wayne Patrick wrote on
Joanna wrote on
George Fiotakis wrote on
Honey Singh wrote on
Adam Quigley wrote on
Jan Schejbal wrote on
Window Snyder wrote on
Louise Larsen wrote on
LINDA wrote on
Dave Lenney wrote on
Ray wrote on
Linda Owen wrote on