BürgerCERT, Germany’s government information security organization, is recommending that Web users NOT use the Firefox browser until Mozilla fixes a vulnerability in it March 30. No malicious use has been found yet, however a researcher posted proof-of concept code for exploiting the previously unknown vulnerability. A malicious operator could use the vulnerability to run arbitrary code. Mozilla is expected to post version Firefox 3.6.2 to fix the problem.
In January, the governments of France and Germany urged users to stop using Microsoft’s Internet Explorer browser until the company fixed the vulnerability that was blamed, at least in part, for the attacks from China on Google and more than two dozen other companies.
Web users who continue to use Firefox have been warned to avoid dodgy web sites that could use the vulnerability to compromise their machines.
BürgerCERT warning here.
Machine translation: “Due to one the Mozilla Foundation confidentially announced security hole recommends the citizen CERT the use of alternative browsers, until the Mozilla Firefox version 3.6.2 is published. The current publication plan of Firefox 3.6.2 sees a supply on Tuesday, 30. March 2010 before.”
Well, you kind of get the picture.
Register news story here.