Mozilla Patches Firefox Flaw In 48 Hours

Mozilla has released a patch for a zero-day vulnerability in its Firefox web browser, 48 hours after it was discovered.

The Firefox security flaw was used by attackers to run a drive-by-download attack on Firefox users visiting the Nobel Peace Prize website, The Register explains.

A malicious code was planted on the website that redirected the users to another website controlled by the hackers that contained an exploit based on JavaScript. The exploit was being used by the hackers to download and install a Trojan virus on a Windows PC.

However, the company has released the Firefox 3.6.12 update, thereby plugging the vulnerability.

The open source software maker has credited the discovery of the vulnerability to security firm Telenor. The flaw did not affect the Firefox 4 beta version of the web browser, Mozilla has said.

Daniel Veditz, a security expert with Firefox, wrote on a blog post on Tuesday: “Firefox 4 beta users appear safe for the moment. he underlying problematic code does exist, but other code changes since Firefox 3.6 seem to be shielding us from the vulnerability.”