News 

Tipping Point is not releasing details until Mozilla has had time to issue a patch, however, it claims the critical vulnerability could allow an attacker to execute arbitrary code should they visit a malicious website or click or a link.

The flaw also affects Firefox 2.

The report came through the company's controversial Zero Day initiative, which rewards researchers for discovering security flaws in software.

"At Mozilla we appreciate any report of security issues because that is how we make the browser stronger and more secure," it said on its security blog. "The best way to keep Firefox users safe is to report the issues directly to Mozilla as TippingPoint has chosen to, and to wait to release details until a fix is available."