Thanks to Kaspersky’s Ryan Naraine at ZDNet for tipping us to a vulnerability report of a critical vulnerability in Firefox 3.

According to TippingPoint, who bought the vulnerability from a researcher who requests to remain anonymous, the vulnerability also affects 2.x versions of Firefox.

Successful exploitation of the vulnerability could allow an attacker to execute arbitrary code. Not unlike most browser based vulnerabilities that we see these days, user interaction is required such as clicking on a link in email or visiting a malicious web page.

Perhaps the vulnerability was not found until just recently, but as Naraine speculates, more likely he/she was hoarding it until the release of Firefox 3 in order to get a bigger splash. TippingPoint has passed the report on to Mozilla and won’t provide any details until a patch is available. No working exploits are known to exist.