Mozilla: Install 'critical' Firefox fix now

Discussion in 'other software & services' started by hawki, Mar 23, 2010.

Thread Status:
Not open for further replies.
  1. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,957
    Location:
    DC Metro Area
    Firefox 3.6.2 available now.

    The Firefox 3.6.2 update fixes a critical bug in a font decompression routine that could be exploited to "crash a victim's browser and execute arbitrary code on his/her system", Mozilla said in a security advisory.

    Mozilla had been under pressure to fix the bug, after it was included by Russian security researcher Evgeny Legerov last month in his VulnDisco hacking tool, which is sold as an add-on to the Canvas penetration testing kit. The Firefox team had expected to fix the issue next week, but decided to rush out an earlier update, apparently out of concern that Legerov's code could be misused.

    http://www.computerworlduk.com/technology/internet/applications/news/index.cfm?newsid=19507

    Firefox 3.6.2 download here:

    http://www.mozilla.com/en-US/firefo...gsnippet&utm_content=up7&utm_campaign=s100509
     
  2. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,976
    Location:
    U.S.A.
  3. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,976
    Location:
    U.S.A.
     
  4. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Those flaws were fixed. More will be found. True for FF. True for ALL browsers. When it comes to browser security, it's only possible to live happily ever after on a day to day basis.

    FF-running-in-DropMyRights + Noscript + Safeonline constitute 99.9% bullet proof security. For the remaining 0.1% -- weekly disk image.
     
Loading...
Thread Status:
Not open for further replies.