Issue
A vulnerability in the way Firefox handles CSS allows an attacker to take advantage of an integer overflow and execute arbitrary code. In order for the attack to be successful a user must browse to a malicious site. The advisory is available here.
Impact
This critical vulnerability was reported to Mozilla before details were available publicly. By keeping the details of the issue private until the issue was patched, TippingPoint and Mozilla were able to keep the risk to users minimal.
Status
This issue is patched in Firefox 3.0.1 and 2.0.0.16 which are now available. Users will be prompted to install the update through the automatic update feature. If you would like to update now, select “Check for Updates” from the Help menu.
Credit
An anonymous reporter found this vulnerability and reported it to TippingPoint. TippingPoint reported it to Mozilla.
JerryCan wrote on
Window Snyder wrote on
Gigi wrote on
Self Sufficient wrote on
John Mclaughlan wrote on
John Mclaughlan wrote on