The flaw, reported by application delivery solutions provider Radware, could result in a denial-of-service condition if a user is successfully led to the exploit website, the company said in a news release.
The bug is caused by a null pointer dereference error in Firefox's content layout component, according to the Mozilla Security Blog. This means that when an application dereferences a pointer, or a programming language data type that points to an object, it expects it to be valid -- but on a malicious page it would be null.
While Radware says an exploit would lead to the loss of any unsaved information, Mozilla said it includes a feature in Firefox that restores the browser if it crashes, likely resulting in the restoration of any data.
Mozilla said it has assigned a "low" severity rating to the bug and will continue to investigate.
Firefox 3 was released in June.