Mozilla Releases New Update to Firefox

Mozilla has released a critical updated version of its Firefox Web browser one week before the schedule in the wake of security flaws detected in its 3.6 version, which could be exploited to launch malicious attacks on the browser.

It is to be noted that Firefox 3.6.2 was scheduled to be launched at the end of March 2010, but now it is already available and could be downloaded from the website of Mozilla.

Mozilla's security advisory page reveals that total 10 vulnerabilities have been fixed in Firefox 3.6.2. However, details of a minimum of three have already been released before those versions were patched by the company. These flaws had also affected the previous versions - Firefox 3.0 and Firefox 3.5.

As per the reports, the latest update fixes a zero-day vulnerability in version 3.6, which could allow hackers to crash into a user's PC by means of remote code execution, run malware or take complete control of user's PC.

The security flaw was discovered for the first time by Evgeny Legerov of Intevydis in February 2010. It occurred as the consequence of an integer overflow flaw in WOFF decoder. The vulnerability could lead to a memory buffer that is too small to even store a downloadable font that could easily be exploited by cybercriminals to trigger malicious attacks.

Mozilla stated that open source Firefox browser versions previous to 3.6 are resistant to this vulnerability as they do not depend on the targeted WOFF decoder.

Mozilla has reportedly been under immense pressure to issue a patch against this vulnerability. For instance, computer security agency of the German government urged users on March 19, 2010 to discard Firefox until a patch is available. But following the release of Firefox 3.6.2 by Mozilla, Buerger-CERT, part of the Federal Office for Security in Information Technology, retracted its recommendation to the users on March 23, 2010.

Mozilla advised Firefox users to get the new version installed on their PCs as early as possible. The developer of the software stated that it has patched the vulnerability that facilitates remote access to a PC along with many other security flaws.

Related article: Mozilla Rules Out Bug in Its Firefox

» SPAMfighter News - 4/1/2010