Latest Firefox Web Browser Vulnerable to 0-Day Exploit

Martin Brinkmann
Mar 26, 2009
Updated • May 28, 2017

Dante send me a tip about a 0-day exploit that affects the latest versions of the popular Firefox web browser. The exploit is described as a remote memory-corruption vulnerability that affects Firefox running on all supported operating system (Windows, Linux and Mac).

A proof of concept has been published by the security researcher, and the Mozilla team has acknowledged the existence of the vulnerability. Mozilla announced plans to rush a Firefox 3.0.8 update at the beginning of next week to fix the issue.

The Firefox exploit could be used to add software to the target system without the knowledge of the users. There is currently no solution to block this attack from being executed other than being very careful about which websites are visited in the browser.

The safest would be to switch to another web browser for the time being until Mozilla publishes a fix for the vulnerability.

The issue has already been fixed according to the bug report that was filed at the Mozilla website and is now awaiting verification. This means that it won't take long before the patched version update of Firefox is being published by Mozilla.

Update: Mozilla has fixed the vulnerability in recent versions of the browser.

Update 2: Firefox 3 is reaching the end of its life-cycle. Mozilla announced that it will end support for the browser version on April 2012. Firefox 3 won't receive any updates after this point, and users are encouraged to update to newer versions of the Firefox web browser instead.

Firefox 3 users have basically two options here. They can upgrade to a Firefox 10 Extended Support Release version, which at the time of writing is based on Firefox 10, or they can update to the Firefox stable channel, which currently is at version 11. The difference between both versions is the version increase. The stable channel's version increases all six weeks, while the ESR channel's version only every 42 weeks to a new major version.

Article Name
Latest Firefox Web Browser Vulnerable to 0-Day Exploit
A new 0-day vulnerability was discovered in the Firefox web browser recently that affects all versions of the browser for all supported operating systems.
Ghacks Technology News

Tutorials & Tips

Previous Post: «
Next Post: «


  1. Loll Brooks said on February 11, 2020 at 6:38 pm

    Can anyone help me with this please;;;

    It looks like the blocking is happening somewhere on your end as I see the 499 indexing error for

    499 errors can occur when our crawlers are denied access to your site content by Cloudflare. Please make sure to whitelist our crawler IPs at Cloudflare (under Firewall > Tools):
    Cloudflare firewall
    Here’s the list of IPs we use:

  2. Dante said on March 27, 2009 at 5:27 am

    I took a peek at the exploit listed on Firefox’s developer page. It looks like “webfriend” is right about NoScript.

    And I also browse unknown sites in a sandbox. Vista Ultimate comes with a Virtual PC that lets you run programs without saving it permanently to the Virtual PC image. And if you like what you see on the webpage in the Virtual PC, you can copy and paste it out to your normal OS.

  3. webfriend said on March 26, 2009 at 8:06 pm

    Alternatively if you have NoScript, it will probably block this exploit. Unless of course said website was hacked. OTOH you could also run your browser sandboxed and you’ll be safe!

  4. RG said on March 26, 2009 at 7:32 pm

    Further proof that the only reason a piece of software like Firefox is better is because it is open source where bugs and security issues can be resolved and perhaps be found faster.
    That does NOT automatically mean it is safer to use than the well known closed source alternatives.
    Opening a can of worms here and will be flamed for this I think ;)

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.