Exploit code sends Mozilla scrambling to fix Firefox

[ UPDATE:  Mozilla has shipped a patch for this vulnerability ]

Mozilla's security response team is scrambling to ready a patch for what appears to be a serious security flaw affecting its flagship Firefox browser.

The vulnerability, released alongside proof-of-concept code on several security sites, could lead to malicious code execution attacks if a Firefox user is lured to a Web site rigged with exploits.  It affects all versions of the open-source browser, including the newest Firefox 3.0.7.

According to this advisory, the issue a boundary condition error.

• An attacker can exploit this issue to execute arbitrary code within the context of the affected browser. Failed exploit attempt will result in a denial-of-service condition.

Mozilla has started an investigation of the issue, which is described in a bug report as "critical."

• Exploit code at the link iframes a little xml file with an xslt transform that causes a crash reliably on 3.0 branch and trunk (and presumably 1.9.1, didn't test). Null, but it's being called, assuming the worst for the moment.

Rob McMillan is reporting that Firefox 3.0.8 will be released sometime next week with a fix for this vulnerability.

[ UPDATE:  Mozilla has shipped a patch for this vulnerability ]