Radware, the leading provider of integrated application delivery solutions for business-smart networking, announced it has found a vulnerability that may cause application Denial of Service (DoS) in Firefox 3, Mozilla's latest Web browser application.
Discovered by the vulnerability research team of Radware's Security Operations Center (SOC), the Firefox vulnerability could result in a system crash of the Firefox browser and the instant lost of any unsaved information. Immediate protection from this vulnerability is available as part of Radware's Security Update Service (SUS), which seeks to safeguard customer infrastructures in advance of public disclosure of the flaw.
"We recognize that Mozilla has continued to invest significantly in security features for Firefox 3; however we were able to easily detect this vulnerability through a simple fuzzing technique," said Itzik Kotler, Security Operation Center Manager, Radware. "This clearly shows that zero-minute vulnerabilities are still aggressively in the public domain, making it increasingly more evident that security requirements must stay top-of-mind when developing and releasing new networked applications."
Radware's team of researchers found that in order to exploit the vulnerability which crashes the Firefox application, a Firefox 3 user must open or surf into an HTML page crafted with a simple set of legitimate HTML tags. This can be achieved either by social engineering or can be injected into a comprised site.
Radware also determined the vulnerability affects Firefox version 3.0, as well as minor update versions (i.e. 3.0.1) version released. For more information regarding Radware's security solutions please visit: http://www.radware.com.
