According to foreign media reports, Firefox has a high-risk security vulnerability, and the attack code compiled by security researchers has been published on several security websites. Firefox developers have to break the regular rules and fix the vulnerability as soon as possible. Before the vulnerability is fixed, the attack code can be modified by attackers for more destructive intrusion.
Mozilla developers have begun to study how to fix the vulnerability. The vulnerability is expected to be fixed in Firefox 3.0.8 released next week.
Lucas Adamski, Mozilla Security Engineering director, said in an email that this is a very serious security vulnerability.
According to Mozilla developers, this vulnerability affects Firefox browsers on all operating systems, including Apple's Mac OS and Linux.
Attackers can exploit this vulnerability to browse a malicious code XML file and install arbitrary software on the computer.
This Web-based malware, also known as download-driven malware, has been widely used in recent years.
Generally, if a third-party security researcher discovers a security vulnerability in a product, the third-party security researcher will first notify the vendor to disclose the vulnerability information only after the patch is released. However, this security researcher's breakthrough may put Firefox browser users at risk of being attacked.
- Silverlight provides a browser-free experience
- PCWorld: Firefox browser declared dead