Mozilla promises March 30 fix for critical Firefox bug

Powered by SC Magazine
 

As German government advises residents not to use the web browser.

Mozilla plans to patch a critical vulnerability affecting the latest version of its Firefox web browser next week.

The flaw, first discovered by Russian security researcher Evgeny Legerov, could allow an attacker to remotely execute arbitrary code on an affected system.

It will be fixed with the release of Firefox 3.6.2, scheduled for March 30, Mozilla said in a blog post. The vulnerability affects only Firefox 3.6, which was released in January.

Secunia has classified the bug as “highly critical”, giving it 'four' out of five on its severity rating scale. If users do not wish to wait for the late March patch, they were advised by Mozilla to download the beta version of Firefox 3.6.2, which contains the fix.

Legerov first disclosed the vulnerability on February 1 on a message board hosted by Immunity, a US-based security assessment and penetration testing vendor. Legerov provided few details about the bug, however.

“It is a really cool bug," Legerov, founder of Moscow-based security research firm Intevydis wrote in the post. "It was an interesting challenge to find and exploit it. The exploit needs some work, but it was quite reliable in our testing.”

Meanwhile, the German Computer Emergency Response Team has warned users against using Firefox until Mozilla has provided a fix for the bug.

See original article on scmagazineus.com

Copyright © SC Magazine, US edition


Mozilla promises March 30 fix for critical Firefox bug
 
 
 
Top Stories
Innovating in the sleepy super industry
There’s little incentive to be on the bleeding edge, so why is Andrew Todd fighting so hard?
 
How technology will unify Toll
The systems headache formed through 15 years of acquisitions.
 
Immigration breached Privacy Act with data leak
Pilgrim slams "copy and paste" of asylum seeker data.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  38%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  7%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  6%
TOTAL VOTES: 836

Vote