Firefox 3.6.12 Fixes Critical Vulnerability
Article by George Norman
On 28 Oct 2010
UPDATE: several security firms have announced that exploit code leveraging this vulnerability has been detected in the wild. Mozilla, upon being notified by these security firms, created, tested, and released a fix within 48 hours of the first notification. Code leveraging the vulnerability was initially discovered on the Nobel Peace Prize site. Since exploit code for the vulnerability is out there, users are advised to update their Firefox browser as soon as possible.

If you are currently on Mozilla’s Firefox 3.6 browser, you are well advised to update to the latest version, which is version 3.6.12. Why are you well advised to update to Firefox 3.6.12? For security reasons – this version fixes a critical security issue that, if exploited by a person with malicious intent, could lead to remote code execution. Mozilla employs a 4-tier severity rating and “critical” is the most dangerous one.


You should receive an automatic update prompt. If you did not receive one, you can manually trigger an update by clicking Help -> Check for Updates. Or you can just download the latest Firefox version.

The critical vulnerability that Firefox 3.6.12 fixes is detailed in security advisory MFSA 2010-73. Here’s the information included in this security advisory:

Title: Heap buffer overflow mixing document.write and DOM insertion
Affected products: Firefox, Thunderbird, SeaMonkey
Description: Morten Kråkvik of Telenor SOC reported an exploit targeting particular versions of Firefox 3.6 on Windows XP that Telenor found while investigating an intrusion attempt on a customer network. The underlying vulnerability, however, was present on both the Firefox 3.5 and Firefox 3.6 development branches and affected all supported platforms.
Credit: Morten Kråkvik of Telenor SOC.

In related news, Mozilla released Firefox 3.6.11 last week. Firefox 3.6.11 is a stability and security update. For version 3.6.11 Mozilla released 9 advisories, out of which 5 carry the critical rating. The security advisories Mozilla released for Firefox 3.6.11 are as follows (the bold ones are critical):
  • MFSA 2010-72 Insecure Diffie-Hellman key exchange
  • MFSA 2010-71 Unsafe library loading vulnerabilities
  • MFSA 2010-70 SSL wildcard certificate matching IP addresses
  • MFSA 2010-69 Cross-site information disclosure via modal calls
  • MFSA 2010-68 XSS in gopher parser when parsing hrefs
  • MFSA 2010-67 Dangling pointer vulnerability in LookupGetterOrSetter
  • MFSA 2010-66 Use-after-free error in nsBarProp
  • MFSA 2010-65 Buffer overflow and memory corruption using document.write
  • MFSA 2010-64 Miscellaneous memory safety hazards (rv:1.9.2.11 / 1.9.1.14)




Tags: Mozilla, Firefox, Security, Update