Only hours after Mozilla launched the final of Firefox 3.0, a researcher sold a critical vulnerability in the browser to TippingPoint’s bug bounty program, the security company acknowledged Wednesday.
However, on Thursday, Mozilla downplayed the threat, telling users that the risk is “minimal.”
“There is no public exploit, the details are private, and so the risk to users is minimal,” Window Snyder, Mozilla’s chief security officer, said in an entry to a company blog.
The bug has been reported to Mozilla, TippingPoint announced in a post to a company blog. “While Mozilla is working on a fix, we won’t be divulging anything else until a patch is available,” said TippingPoint, citing policy. “Once the issue is patched, we’ll be publishing an advisory.”
This is shocking, as some have dubbed Firefox 3 as “rounder version of Safari”, which is, from an aesthetic point of view, correct. However, the inner workings are what make it so unique and new to the web browser market