Firefox hit by critical zero-day vulnerability

Filed Under: Malware, Vulnerability

Mozilla has issued a warning that its popular Firefox browser contains a critical vulnerability that is being actively exploited by cybercriminals to distribute malware.

The vulnerability, which was previously unknown, is said to affect versions 3.5 and 3.6 of Firefox.

Security firm Norman reported that the Nobel Peace Prize website was distributing a Trojan horse via the exploit yesterday, although it's obviously possible that other websites may also be serving up the exploit in an attempt to infect visiting users.

Sophos is issuing protection against the malware as Troj/Belmoo-A.

Mozilla says it is working on a fix, but in the meantime Firefox users might be wise to turn JavaScript off and use the popular NoScript addon.

NoScript is a great idea - I'd never use Firefox without it, and neither should you.



About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley