A new flaw was discovered in Mozilla's Firefox browser on Tuesday afternoon. Although not much is known about the specific Trojan malware that is using the vulnerability to perform attacks, Mozilla has assured visitors to its Security Blog that it has diagnosed the problem and is in the process of developing a fix for it. Once the fix is developed and tested, Mozilla promises to release it to the public. The operating systems that are vulnerable are not known, but it seems as if Windows users are at a higher risk of infection.
Mozilla received news of the vulnerability from a variety of security research firms. Norman ASA, a security firm that specializes in products that provide protection for consumers, enterprise networks, and the government, was credited as being at the forefront of the discovery. Norman's Malware Detection Team in Oslo, Norway detected the new Trojan virus that takes advantage of a zero-day vulnerability in versions 3.5 and 3.6 of Firefox. The attack occurred on the Nobel Peace Prize website on Tuesday, and any users who visited the site around that time period could have had the Trojan installed on their computers unknowingly.
Norman stated that once the Trojan was installed, it would attempt to connect to two Internet addresses that point to a Taiwanese server. Once a connection to those addresses was successfully established, the hacker would gain access to the compromised computer. Norman warned that although the infection has been linked to the Nobel Peace Prize website, there could be other infected websites that pose a similar threat. While customers using Norman's antivirus products are protected from the attacks, other web users are urged to exercise caution while surfing the Internet.
Since Firefox is said to be the second most popular browser used worldwide, the number of people affected by the vulnerability could be high. A Trojan virus, if successfully installed, can give hackers unauthorized access to a computer and let them use it to spread the virus to other machines, send spam, steal financial data and passwords, and more. The zero-day vulnerability in Firefox 3.5 and 3.6 remains a perfect opportunity for exploitation by hackers until Mozilla releases a patch to fix it.
Mozilla blocked the Nobel Peace Prize site using Firefox's integrated malware protection. Until a patch is released, Mozilla urges its users to take some preventive measures. One suggestion is to install the NoScript add-on. NoScript is free, and it lets Firefox users protect themselves against zero-day exploits by allowing scripts to run only on websites they trust. Besides its selectivity when it comes to active content, NoScript also offers protection against clickjacking attempts, XSS attacks, and more.
Another suggestion offered by Mozilla is to disable JavaScript in Firefox. This can be done by going into the Tools drop-down menu at the top of the browser and selecting Options. From there, click on the Content tab and uncheck Enable JavaScript.
For more on this topic, visit the Computerworld story.