Mozilla developers are scrambling to fix a new Firefox browser bug being used by criminals to install malicious software on victims' computers. Mozilla developers are scrambling to fix a new Firefox browser bug being used by criminals to install malicious software on victims’ computers.The flaw was uncovered Tuesday by security vendor Norman, which said that it learned of the bug after analyzing attack code surreptitiously installed on the Nobel Peace Prize website. “If a user visited the Nobel Prize site while the attack was active early Tuesday using Firefox 3.5 or 3.6, the malware might be installed on the user’s computer without warning,” Norman said in a press release.In a blog posting, Mozilla confirmed that the attack exploited a previously unpatched flaw, and said it had heard from “several security research firms” that this attack code has been used on the Internet.“We have diagnosed the issue and are currently developing a fix, which will be pushed out to Firefox users as soon as the fix has been properly tested,” Mozilla said in its blog post. Mozilla said that the bug affects Firefox 3.5 and 3.6, on all supported platforms — Windows, Linux and Mac OS X. According to Norton, the attack seen on the Nobel Peace Prize website targets Windows. It installs a Trojan program that can then be used by attackers to download more malicious software and essentially take control of the victim’s computer.The attack does not appear to be widespread at this point. “This vulnerability appears to have been used in one targeted attack and Symantec hasn’t seen anything else in terms of exploitation at this time,” a spokesman with the antivirus company said via instant message.Users who want to protect themselves against the attack can disable JavaScript in Firefox by locating the checkbox under the Tools drop-down menu in the Options Content tab. Users can instead install the NoScript add-on, Mozilla said.Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert’s e-mail address is robert_mcmillan@idg.com Related content news New Trojan ZenRAT masquerades as Bitwarden password manager A report by Proofpoint identifies the new Trojan as undocumented and possessing information-stealing capabilities. By Lucian Constantin Sep 28, 2023 4 mins Cyberattacks Cyberattacks Cyberattacks news UK Cyber Security Council CEO reflects on a year of progress Professor Simon Hepburn sits down with broadcaster ITN to discuss Council’s work around cybersecurity professional standards, careers and learning, and outreach and diversity. By Michael Hill Sep 27, 2023 3 mins Government Data and Information Security Security Practices news FIDO Alliance certifies security of edge nodes, IoT devices Certification demonstrates that products are at low risk of cyberthreats and will interoperate securely. By Michael Hill Sep 27, 2023 3 mins Certifications Internet Security Security Hardware news analysis Web app, API attacks surge as cybercriminals target financial services The financial services sector has also experienced an increase in Layer 3 and Layer 4 DDoS attacks. By Michael Hill Sep 27, 2023 6 mins Financial Services Industry Cyberattacks Application Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe