In association with heise online

22 March 2010, 09:02

Security hole fixed in Firefox 3.6

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Firefox A fix is now available for a security hole that was discovered in Firefox 3.6 under Windows in early February. According to Mozilla's blog, the fix will be included in version 3.6.2, which is scheduled for release on the 30th of March. Those who don't want to wait can install the current beta of this version.

The exploit allows remote attackers to take control of a PC. Secunia's advisories rate the problem as highly critical, while the German BürgerCERT recommends using a different browser until the problem has been fixed.

The security hole became apparent when Russian security firm Intevydis provided their customers with a Windows exploit for the hole. Intevydis sell their knowledge and don't freely share the details of security holes they discover with the developers of the affected products. This explains why it has taken so long to fix the Firefox problem. Evgeny Legerov, who discovered the hole, had initially bragged about his discovery without mentioning any details, although he did contact the Mozilla developers later on.

See also:

(crve)

Print Version | Send by email | Permalink: http://h-online.com/-960050
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit