Alert Number: 032609-02
Alert Date: 03/26/09
Alert Title: *UNPATCHED* Vulnerability in Firefox, SeaMonkey
Update-to: None.
OS/Platform/Application:
Mozilla Firefox
Mozilla SeaMonkey
Category: ALERT
Severity: HIGH
Attention: Firefox/SeaMonkey Users, System Administrators, Desktop Support Personnel
Summary: Internet security resources are reporting a recently discovered vulnerability in Mozilla Firefox and SeaMonkey. The vulnerability involves the handling of Extensible Stylesheet Language Transformations (XSLT). The most likely exploitation mechanism is a visit to a maliciously crafted website. Mozilla has acknowledged the vulnerability and identified a fix. According to Internet security resources, this fix will likely be incorporated into Firefox 3.0.8, which (according to the vendor) will be released on March 30 or April 1. At the time of this writing (2:10 PM, March 26, 2009), no evidence of in-the-wild exploitation of this vulnerability has been reported.
Recommended Actions: Firefox/SeaMonkey users, system administrators, and support personnel are encouraged to exercise heightened caution when browsing unknown or untrusted websites with Firefox (or SeaMonkey) until the update has been made available and installed.
Readers are encouraged to share this alert with family, friends, and associates.
ITS Actions: N/A
Resources:
SecurityFocus Advisory:
http://www.securityfocus.com/bid/34235/