{"id":386,"date":"2010-10-26T14:30:24","date_gmt":"2010-10-26T21:30:24","guid":{"rendered":"http:\/\/blog.mozilla.org\/security\/?p=386"},"modified":"2010-10-27T22:23:02","modified_gmt":"2010-10-28T05:23:02","slug":"critical-vulnerability-in-firefox-3-5-and-firefox-3-6","status":"publish","type":"post","link":"https:\/\/blog.mozilla.org\/security\/2010\/10\/26\/critical-vulnerability-in-firefox-3-5-and-firefox-3-6\/","title":{"rendered":"Critical vulnerability in Firefox 3.5 and Firefox 3.6"},"content":{"rendered":"

Update <\/strong>(Oct 27, 2010 @ 20:12):<\/strong>
\nA fix for this vulnerability has been released for Firefox and Thunderbird users.<\/p>\n

Firefox 3.6.12 and 3.5.15 security updates now available<\/a>
\nThunderbird 3.1.6 and 3.0.10 security updates now available<\/a><\/p>\n

Issue:<\/strong>
\nMozilla is aware of a critical vulnerability affecting Firefox 3.5 and Firefox 3.6 users. We have received reports from several security research firms that exploit code leveraging this vulnerability has been detected in the wild.<\/p>\n

Impact to users:<\/strong>
\nUsers who visited an infected site could have been affected by the malware through the vulnerability. The trojan was initially reported as live on the Nobel Peace Prize site, and that specific site is now being blocked by Firefox’s built-in malware protection. However, the exploit code could still be live on other websites.<\/p>\n

Status:<\/strong>
\nWe have diagnosed the issue and are currently developing a fix, which will be pushed out to Firefox users as soon as the fix has been properly tested.<\/p>\n

In the meantime, users can protect themselves by doing either of the following:<\/p>\n