TippingPoint said a researcher submitted a critical vulnerability affecting Firefox 3.0 to its Zero Day Initiative just five hours after Mozilla released the updated open source browser Tuesday.
In a blog post Wednesday, TippingPoint said its researchers verified the vulnerability in its lab and quickly reported the flaw to Mozilla’s security team. The flaw could allow an attacker to execute arbitrary code, but a user would need to click on a link in an email or visit a malicious Web page, according to TippingPoint. The vulnerability also affects prior versions of Firefox 2.0.x.
The company, a division of 3Com Corp., said it won’t release any other information about the vulnerability until a patch is available. Mozilla is working on a fix. TippingPoint’s Zero Day Initiative pays researchers for verified vulnerabilities.