Code to attack the Firefox browser was published on several web sites yesterday, prompting the Mozilla Foundation to announce that they will issue a bug fix as part of the version 3.0.8 release of the browser next week. The vulnerability, described as a XSL Parsing ‘root’ XML Tag Remote Memory Corruption Vulnerability, is considered critical by Firefox developers. As Macworld says, “By tricking a victim into viewing a maliciously coded XML file, an attacker could use this bug to install unauthorized software on a victim’s system. This kind of Web-based malware, called a drive-by download, has become increasingly popular in recent years.”
