Issue
A vulnerability in the way Firefox handles CSS allows an attacker to exploit an integer overflow and execute arbitrary code. For the attack to succeed, a user must browse to a malicious site. The advisory is available here.
Impact
This critical vulnerability was reported to Mozilla before details were available publicly. By keeping the details of the issue private until the issue was patched, TippingPoint and Mozilla were able to keep the risk to users minimal.
Status
This issue is patched in Firefox 3.0.1 and 2.0.0.16, which are now available. Users will be prompted to install the update through the automatic update feature. To update now, select “Check for Updates” from the Help menu.
Credit
An anonymous reporter found this vulnerability and reported it to TippingPoint. TippingPoint reported it to Mozilla.