Security researchers at Tipping Point have found what could be the first vulnerability in the new Firefox 3.0 web browser, ranking the severity of the bug as 'high'.

Tipping Point has verified the bug and reported it to Mozilla, and Mozilla is still working on a fix. Until the fix is released, the researchers won't share details about the problem.

Despite ranked the severity of the vulnerability as high, Tipping Point said users would have to click on a link in an email or visit a malicious web page before being affected. The issue affects users of Firefox 2.0 as well as Firefox 3.0.

Once the problem is fixed, Tipping Point will publish an advisory on its website, it said.

Tipping Point found out about the vulnerability through its Zero Day Initiative, which lets researchers earn cash by submitting new vulnerabilities to the company. Once Tipping Point validates the issue, it pays the researcher for the information and notifies the relevant software vendor of the technical details.

Mozilla did not respond to a request for comment.

Related articles:

CIO News View: Why don’t blue chips love Firefox?