A Russian security researcher going by the alias Azafran has discovered a flaw in the Mozilla Suite and Firefox Web browsers that could potentially put users at risk from the disclosure of arbitrary heap memory.
Security firm Secunia has posted an Arbitrary Memory Exposure Test written using the proof-of-concept code developed by Azafran. Current versions of Mozilla (1.7.6) and Firefox 1.0.1 and 1.0.2 are vulnerable to this exploit.
Mozilla’s bug tracking system, Bugzilla, labels the flaw “critical.” A patch is listed as having been posted on the Bugzilla site late on April 1, though it is unclear whether or not that patch has been “pushed” to end users.
Just last week, the Mozilla Foundation announced that it had paid out $6,000 in so-called “bug bounties” to developers for finding flaws in Mozilla applications. The aim of the program is to enlist and reward the community for helping Mozilla to secure its applications.