<div class='os_post_top_link'><a href='http://www.macworld.com/article/139642/2009/03/firefox.html?lsrc=rss_news' target='_blank'>http://www.macworld.com/article/139...l?lsrc=rss_news</a><br /><br /></div><p><em>"Online attack code has been released targeting a critical, unpatched flaw in the Firefox browser. The attack code, written by security researcher Guido Landi was published on several security sites Wednesday, sending Firefox developers scrambling to patch the issue. Until the flaw is patched, this code could be modified by attackers and used to sneak unauthorized software onto a Firefox user's machine."</em></p><p><em><img src="http://images.thoughtsmedia.com/resizer/thumbs/size/600/at/auto/1238283369.usr105634.jpg" /></em></p><p>Mozilla has the fix written and they expect to have it available for <a href="https://wiki.mozilla.org/Releases/Firefox_3.0.8" target="_blank">download</a> next week. This bug affects not only Mac OS but Linux, and can trick a user into installing unauthorized software after viewing a coded XML page. Good to know they stay on top of these things, guess that is the benefit of making these types of things public. Flip side is that it lets hackers know there is a problem they can exploit. But I guess if it was a hacker that was into this type of thing, they would already know about it.&nbsp;</p>

Interesting to note that neither Apple nor Microsoft has a patch yet for the problems found in Safari or IE8. Based on the past, it'll probably be a while before Apple patches Safari.

At least this isn't a zero-day flaw.

This (the length of time it takes to fix these problems) is a problem that Apple really needs to fix, before it's too late.