The United States Computer Emergency Readiness Team (US-CERT) released an advisory on the flaw Tuesday, saying Firefox 220.127.116.11 and 2.0 "allows remote attackers to cause a denial of service by creating a range object using createRange, calling selectNode on a DocType node, then calling createContextualFragment on the range, which triggers a null dereference."
The Bethesda, Md.-based SANS Internet Storm Center (ISC) also warned of the flaw on its Web site. Original reports indicated attackers could exploit the flaw to cause a buffer overflow and launch malicious code, the ISC noted. But as of Tuesday, that could not be verified. The potential for a denial of service has been confirmed, however.
"This exploit will occur when a specifically crafted Web page tries to create a range object with 'createRange,'" the ISC said. "So far it will only make the browser crash. If new information is made available, we will post updates."
Mozilla released Firefox 2.0 last week, nearly a year after making the last big upgrade. New features warn users of phishing Web sites, offer suggestions regarding frequently used search terms and corrects spelling mistakes.