
Baja Website Creations
New Firefox 3.0 breaks records
According to the Mozilla Foundation, which released the new browser, the software was downloaded 8.3 million times in its first 24 hours of release, starting Tuesday morning.
The downloads were so popular that they initially crashed the servers running the operation. At their busiest, the servers were handling more than 9,000 downloads per minute, and within five hours they had surpassed the initial daily download figure of 1.6 million set by Firefox 2.0 in October 2006.
But the success was tempered by reports from a software security company that Firefox 3.0 contained a serious security flaw! Within five hours after the official release, security tool vendor TippingPoint noted a “critical vulnerability” affecting Firefox 3.0 and 2.0 and reported it to Mozilla.
(Remark by publisher: I’m not aware of security flaws being reported before on FF 2.0 - so they found that in just 2.0 just now???)
Mozilla stated on its security blog: “There is no public exploit, the details are private, and so the current risk to users is minimal. We are investigating the issue. At Mozilla we appreciate any report of security issues because that is how we make the browser stronger and more secure. The best way to keep Firefox users safe is to report the issues directly to Mozilla as TippingPoint has chosen to, and to wait to release details until a fix is available.”
From the TippingPoint blog:
What we can confirm is that about five hours after the official release of Firefox 3.0 on June 17th, our Zero Day Initiative program received a critical vulnerability affecting Firefox 3.0 as well as prior versions of Firefox 2.0.x. We verified the vulnerability in our lab, acquired it from the researcher, then promptly reported the vulnerability to the Mozilla security team shortly after. Successful exploitation of the vulnerability could allow an attacker to execute arbitrary code. Not unlike most browser-based vulnerabilities that we see these days, user interaction is required, such as clicking on a link in email or visiting a malicious web page.
While Mozilla is working on a fix, we won’t be divulging anything else until a patch is available, adhering to our vulnerability disclosure policy. Once the issue is patched, we’ll be publishing an advisory here. Working with Mozilla on past security issues, we’ve found them to have a good track record and expect a reasonable turnaround on this issue as well.
Source/Credits: Mozilla