OS/Platform/Application:

Mozilla FireFox 3.5

Category: ALERT
Severity: HIGH
Attention: Firefox users, System Administrators, Desktop Support Personnel

Summary: Numerous Internet security resources are reporting the existence of a newly-discovered vulnerability in Mozilla Firefox 3.5.  Details of the vulnerability are sparse at the time of this writing but it appears to be related to a memory corruption error following the handling of JavaScript and/or other web page elements.  The most likely mechanism of exploit for this vulnerability is the viewing of a maliciously-crafted web page.

Recommended Actions: At the time of this writing (7:50 AM 7/14/09) no patch or workaround has been provided from the vendor to address this issue.  Readers using Firefox 3.5 are encouraged to avoid the viewing of untrusted web pages, to avoid the following of web page links embedded in emails, instant messages, etc, and to update their antivirus software as soon as possible.

Readers are encouraged to share this alert with family, friends, and associates.

ITS Actions: N/A

Resources:

Vupen Advisory:
http://www.vupen.com/english/advisories/2009/1868

Secunia Advisory:
http://secunia.com/advisories/35798/