Update on Critical Firefox 3.6 Vulnerability Uncovered by Russian Researcher
Article by George Norman
On 22 Mar 2010
Late this February we reported that Firefox 3.6, the latest and greatest version in the Firefox range, is plagued by a critical security vulnerability. That's the rating given to it by Secunia, the Danish company that specializes in providing software for vulnerability management and is best known for tracking the latest security threats and offering info about patches.

The vulnerability in question was discovered by a Russian security expert from Intevydis, a company that made it available to its customers. Intevydis develops the commercial VulnDisco add-on for the Canvas exploit toolkit by vendor Immunity.

According to Intevydis developer Evgeny Legerov, the vulnerability in question is a buffer overflow vulnerability that can be used to remotely take control of the targeted machine. Sounds bad, I know. The good news is that only Firefox 3.6 is affected and only the Windows version – the Mac OS X and Linux versions are fine.

When news of this vulnerability broke, Mozilla announced that it could not confirm the vulnerability was genuine, as it had not received any details about it. A proof-of-concept or steps to reproduce the vulnerability, for example, would have been helpful. Furthermore, the security researcher who uncovered the vulnerability, Evgeny Legerov, failed to respond to Mozilla’s requests for more information – until now, that is.

About a month after spreading the word that Firefox 3.6 is plagued by a critical security vulnerability, Evgeny Legerov has finally contacted Mozilla.

“Mozilla was contacted by Evgeny Legerov, the security researcher who discovered the bug referenced in the Secunia report, with sufficient details to reproduce and analyze the issue. The vulnerability was determined to be critical and could result in remote code execution by an attacker. The vulnerability has been patched by developers and we are currently undergoing quality assurance testing for the fix. Firefox 3.6.2 is scheduled to be released March 30th and will contain the fix for this issue. As always, we encourage users to apply this update as soon as it is available to ensure a safe browsing experience,” explained Mozilla.

Again, only Firefox 3.6 is affected; previous versions are not affected by this vulnerability. The upcoming Firefox 3.6.2 is not affected either; the downside is that for now you can only get a release candidate build of Firefox 3.6.2.



Tags: Mozilla, Firefox, Firefox 3.6, Security, Intevydis
About the author: George Norman
George is a news editor.