Mozilla: Install 'critical' Firefox fix now

Firefox 3.6.2 available now.

The Firefox 3.6.2 update fixes a critical bug in a font decompression routine that could be exploited to "crash a victim's browser and execute arbitrary code on his/her system", Mozilla said in a security advisory.

Mozilla had been under pressure to fix the bug, after it was included by Russian security researcher Evgeny Legerov last month in his VulnDisco hacking tool, which is sold as an add-on to the Canvas penetration testing kit. The Firefox team had expected to fix the issue next week, but decided to rush out an earlier update, apparently out of concern that Legerov's code could be misused.

http://www.computerworlduk.com/technology/internet/applications/news/index.cfm?newsid=19507

Firefox 3.6.2 download here:

http://www.mozilla.com/en-US/firefo...gsnippet&utm_content=up7&utm_campaign=s100509

 

Those flaws were fixed. More will be found. True for FF. True for ALL browsers. When it comes to browser security, it's only possible to live happily ever after on a day to day basis.

FF-running-in-DropMyRights + Noscript + Safeonline constitute 99.9% bullet proof security. For the remaining 0.1% -- weekly disk image.