The third release of Mozilla's open source Firefox browser has
been marred by the
discovery of security flaw that could allow a hacker to run
malicious code.
The discovery comes less than a day after the new browser was
launched and affects previous versions of the browser too, said
security experts Digital Vaccine Labs.
"Five hours after the official release of Firefox 3.0 on 17June,
our Zero Day Initiative program received a critical vulnerability
affecting Firefox 3.0 as well as prior versions of Firefox 2.0.x,"
the
company said on its blog.
"Not unlike most browser-based vulnerabilities that we see these
days, user interaction is required such as clicking on a link in
e-mail or visiting a malicious web page."
The group said it had reported the vulnerability to the Mozilla
security team, who were now working on a fix, but at the time of
writing no patch was immediately available.
Mozilla said that the
new version of FireFox had "raised the bar for security" upon
its release and that because FireFox was designed as an open source
product, it could leverage the experience of thousands of security
experts around the globe.