Firefox Fix Due Next Week After Attack Is Published
Robert McMillan writes on PC World:
Online attack code has been released targeting a critical, unpatched flaw in the Firefox browser.More here.
The attack code, written by security researcher Guido Landi was published on several security sites Wednesday, sending Firefox developers scrambling to patch the issue. Until the flaw is patched, this code could be modified by attackers and used to sneak unauthorized software onto a Firefox user's machine.
Mozilla developers have already worked out a fix for the vulnerability. It's slated to ship in the upcoming 3.0.8 release of the browser, which developers are now characterizing as a "high-priority firedrill security update," thanks to the attack code. That update is expected sometime early next week.
"We... consider this a critical issue," said Mozilla Director of Security Engineering Lucas Adamski in an email.
The bug affects Firefox on all operating systems, including Mac OS and Linux, according to Mozilla developer notes on the issue.