OS/Platform/Application:

Mozilla Firefox - all versions

Category: ALERT
Severity: HIGH
Attention: Firefox users, Windows system Administrators, Desktop Support Personnel.

Summary: Multiple Internet Security resources are currently reporting the existence of a vulnerability in the popular Firefox web browser.  At the time of this writing (8:00 AM 7/19/08) details of the vulnerability are sparse but all versions including version 3, released on 7/18/08) appear to be vulnerable.  Exploitation of the vulnerability requires user interaction in the form of visiting a maliciously-crafted website*, clicking a malicious link, etc.  Successful exploitation could result in takeover of a vulnerable computer.  No patch is currently available for this vulnerability.

Recommended Actions:  Firefox users and administrators that support systems running firefox are encouraged to use EXTREME caution when browsing the Internet with Firefox and to avoid interaction with untrusted and/or potentially malicious websites and links* until a patch for this vulnerability has been issued and installed on their computers.

*It is important to note that recent research into the nature and trends of maliciously-crafted sites shows the majority of websites hosting maliciously-crafted software are ones users presume to be "legitimate" sites or advertisements for well-known and/or trusted products.

ITS Actions: N/A

Resources:

TippingPoint Advisory:
http://dvlabs.tippingpoint.com/blog/2008/06/18/vulnerability-in-mozilla-firefox-30

Secunia Advisory:
http://secunia.com/advisories/30761/

FrSIRT Advisory:
http://www.frsirt.com/english/advisories/2008/1873