Mozilla was contacted by Evgeny Legerov, the security researcher who discovered the bug referenced in the Secunia report, with sufficient details to reproduce and analyze the issue. The vulnerability was determined to be critical and could result in remote code execution by an attacker. The vulnerability has been patched by developers and the fix is currently undergoing quality assurance testing. Firefox 3.6.2 is scheduled to be released March 30th and will contain the fix for this issue. As always, we encourage users to apply this update as soon as it is available to ensure a safe browsing experience. Alternatively, users can download Release Candidate builds of Firefox 3.6.2, which contain the fix, from here: https://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/3.6.2-candidates/build3/
Update: To clarify, as originally claimed, this issue affects Firefox 3.6 only and not any earlier versions. Thunderbird and SeaMonkey are based on earlier versions of the browser engine and are not affected. People testing “3.7” development builds should upgrade to 3.7 alpha 3 or the latest nightly build to ensure they have this fix.