Mozilla was contacted by Evgeny Legerov, the security researcher who discovered the bug referenced in the Secunia report, with sufficient details to reproduce and analyze the issue. The vulnerability was determined to be critical and could result in remote code execution by an attacker. Developers have patched the vulnerability, and the fix is currently undergoing quality assurance testing. Firefox 3.6.2 is scheduled to be released March 30th and will contain the fix for this issue. As always, we encourage users to apply this update as soon as it is available to ensure a safe browsing experience. Alternatively, users can download Release Candidate builds of Firefox 3.6.2, which contain the fix, from here: https://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/3.6.2-candidates/build3/
Update: To clarify, as originally claimed this issue affects Firefox 3.6 only and not any earlier versions. Thunderbird and SeaMonkey are based on earlier versions of the browser engine and are not affected. People testing “3.7” development builds should upgrade to 3.7 alpha 3 or the latest nightly build to ensure they have this fix.