Just over a week after Mozilla released Firefox 3.6.2, another security update has been released to fix a critical security flaw. Firefox 3.6.3 addresses an issue reported by a security researcher, Nils of MWR InfoSecurity, during the 2010 Pwn2Own contest sponsored by TippingPoint’s Zero Day Initiative. In the contest, Nils discovered a memory corruption flaw that opens up a hole for remote code execution.
Firefox 3.6.2 dealt with several critical security issues, including one found by Evgeny Legerov of Intevydis. The flaw that Legerov reported was a WOFF heap corruption caused by an integer overflow, which lets an attacker remotely crash a user’s browser and run arbitrary code. Aside from this, over 110 bugs are reported to have been fixed by the makers of Firefox. Although the security upgrade to version 3.6.2 was scheduled for a much later date, Mozilla decided to release it ahead of schedule.
This new security update is available for download from Mozilla’s home page. Mozilla also advises Firefox users to update their browser as soon as they can to ensure the security of their browsing experience.