Zero-day exploit for Firefox causes malware storm

Firefox - tough times
Firefox - tough times

Firefox users have been warned that they could be hit with malware, after Mozilla confirmed that a new zero-day exploit is being used by cyber criminals.

The latest critical vulnerability is believed to affect version 3.5 and 3.6 of the Firefox browser, and has already provided opportunity to malware makers.

According to Graham Cluley's Sophos blog, the Nobel Peace Prize website is one of the most notable victims of the problem – and has been propagating a Trojan.


"Security firm Norman reported that the Nobel Peace Prize website was distributing a Trojan horse via the exploit yesterday, although it's obviously possible that other websites may also be serving up the vulnerability in an attempt to infect visiting users," said Cluley.

"Mozilla says it is working on a fix, but in the meantime Firefox users might be wise to turn JavaScript off and use the popular NoScript addon."

Mozilla has confirmed that it is hard at work on a solution to what will be an embarrassing and potentially damaging threat.

Aware of it

"Mozilla is aware of a critical vulnerability affecting Firefox 3.5 and Firefox 3.6 users. We have received reports from several security research firms that exploit code leveraging this vulnerability has been detected in the wild," said Mozilla

"Users who visited an infected site could have been affected by the malware through the vulnerability…the exploit code could still be live on other websites.

"We have diagnosed the issue and are currently developing a fix, which will be pushed out to Firefox users as soon as the fix has been properly tested."

Patrick Goss

Patrick Goss is the ex-Editor in Chief of TechRadar. Patrick was a passionate and experienced journalist, and he has been lucky enough to work on some of the finest online properties on the planet, building audiences everywhere and establishing himself at the forefront of digital content.  After a long stint as the boss at TechRadar, Patrick has now moved on to a role with Apple, where he is the Managing Editor for the App Store in the UK.