Firefox 3.6.2 Released Ahead of Schedule, Fixes Critical Security Vulnerability
Article by George Norman
On 23 Mar 2010
Firefox 3.6.2 was scheduled to be released at the end of the month, on the 30th of March. The development team at Mozilla did not stick to that timetable and released Firefox 3.6.2 ahead of schedule. If you’re already using Firefox 3.6, you should get an automated update prompt; alternatively you can update manually by clicking Help -> Check for Updates.

“Mozilla has accelerated its timetable and released Firefox 3.6.2 ahead of schedule. We urge users to promptly update to this release,” said the Mozilla Security team.

From a security point of view, you are very well advised to update to Firefox 3.6.2. This latest version of the Mozilla-developed browser fixes the critical vulnerability uncovered by Evgeny Legerov, a Russian security expert with Intevydis. He found a buffer overflow that affects Firefox 3.6 (only Firefox 3.6, not earlier versions) and that, if exploited, could allow an attacker to remotely take control of the targeted machine.

Even though Evgeny Legerov announced the vulnerability late this February, it was only recently that he responded to Mozilla’s questions about it. Because Evgeny Legerov simply announced the vulnerability without providing Mozilla with a proof-of-concept or steps to reproduce it, Mozilla could not confirm whether the vulnerability was genuine.

Now that Firefox 3.6.2 is out, the vulnerability in question is plugged. And Mozilla has provided a few details about it. Here is how MFSA 2010-08 describes the vulnerability:

“The WOFF decoder contains an integer overflow in a font decompression routine. This flaw could result in too small a memory buffer being allocated to store a downloadable font. An attacker could use this vulnerability to crash a victim's browser and execute arbitrary code on his/her system.”
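The class of bug the advisory describes, shown as an added example that is not Mozilla's code: a 32-bit size calculation wraps around, so the buffer sized from it is smaller than the data written into it. The `table_entry` structure, function names and size cap are hypothetical, and the input values are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified directory entry: the uncompressed length
 * that an untrusted font file declares for one table. */
struct table_entry { uint32_t orig_length; };

/* Unchecked: the 32-bit sum wraps modulo 2^32, so the returned total
 * can be far smaller than the data that will be decompressed. */
uint32_t total_size_unchecked(const struct table_entry *t, size_t n)
{
    uint32_t total = 0;
    for (size_t i = 0; i < n; i++)
        total += t[i].orig_length;
    return total;
}

/* Checked: refuse any input whose running total would exceed max_total.
 * Comparing against the remaining headroom avoids the wrap entirely. */
bool total_size_checked(const struct table_entry *t, size_t n,
                        uint32_t max_total, uint32_t *out)
{
    uint32_t total = 0;
    for (size_t i = 0; i < n; i++) {
        if (t[i].orig_length > max_total - total)
            return false;              /* would overflow or exceed cap */
        total += t[i].orig_length;
    }
    *out = total;
    return true;
}

int main(void)
{
    /* Constructed input: two declared lengths whose true sum is 2^32 + 16. */
    struct table_entry bad[] = { { 0xFFFFFFF0u }, { 0x20u } };
    uint32_t size = 0;

    printf("unchecked total: %u bytes\n",
           (unsigned)total_size_unchecked(bad, 2));
    printf("checked accepts input: %s\n",
           total_size_checked(bad, 2, 64u * 1024u * 1024u, &size) ? "yes" : "no");
    return 0;
}
```
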

If you would like to download Firefox 3.6.2, the software is available free of charge to Windows, Mac OS X and Linux users here.




Tags: Mozilla, Firefox, Firefox 3.6.2, Security, Intevydis