Denial of service vulnerability in Firefox 3

Radware announced it has found a vulnerability that may cause application Denial of Service (DoS) in Firefox 3, Mozilla’s latest Web browser application.


Discovered by the vulnerability research team of Radware’s Security Operations Center (SOC), the Firefox vulnerability could result in a crash of the Firefox browser and the instant loss of any unsaved information. Immediate protection from this vulnerability is available as part of Radware’s Security Update Service (SUS), which seeks to safeguard customer infrastructures in advance of public disclosure of the flaw.

Radware’s team of researchers found that, in order to exploit the vulnerability and crash the Firefox application, a Firefox 3 user must open or surf to an HTML page crafted with a simple set of legitimate HTML tags. This can be achieved through social engineering, or the crafted HTML can be injected into a compromised site.

Radware also determined that the vulnerability affects Firefox version 3.0, as well as the minor update versions released (i.e. 3.0.1).
