Highly critical vulnerability in FF 3.6
Firefox 3.6 suffers from unpatched "highly critical" vulnerability | Hardware 2.0 | ZDNet.com
A vulnerability has been uncovered in Firefox 3.6.x. This bug is rated as highly critical by Secunia.
Details are sketchy, and there’s no official word from Mozilla yet. Here’s what Secunia has on the bug:
Description
A vulnerability has been reported in Mozilla Firefox, which can be exploited by malicious people to compromise a user’s system.
The vulnerability is caused due to an unspecified error and can be exploited to execute arbitrary code.
The vulnerability is reported in version 3.6. Other versions may also be affected.
Solution
Do not visit untrusted websites or follow untrusted links.
UPDATE: check your versions.
Mozilla has released fixes for five security holes in older versions of Firefox, while a security company has warned of a zero-day flaw in the latest version of the popular browser.
On Wednesday, Mozilla issued patches for versions 3.5.8 and 3.0.18 of the browser, sending out fixes for the latter even though it had said it would stop supporting Firefox 3.0 in January.
In its security bulletin, the company said the vulnerabilities had previously been resolved in Firefox 3.6, which was launched on 21 January.
The five flaws addressed by Mozilla included three the company rated 'critical'. These three flaws involve an error in handling out-of-memory conditions; stability errors in the Gecko rendering engine; and a bug in the way Mozilla's implementation of web workers handles posted messages, Mozilla said. Web workers are used to carry out scripting tasks in a way that reduces the processing load on the user interface.........
source:
http://news.zdnet.com/2100-9595_22-3...ml?tag=nl.e550