Mozilla Releases Critical Fix for Firefox
Mozilla fixes a big security hole in its flagship web browser.
Monday Mozilla released an update to its Firefox Internet browser addressing a critical bug that could allow a hacker to remotely execute arbitrary code on a user's system. The company said in this blog post that the v3.6.2 patch was released ahead of schedule--this may be due to an upcoming hacking contest that targets browser vulnerabilities.
According to the company in this security advisory, researcher Evgeny Legerov of Intevydis reported that the WOFF decoder contains an integer overflow in a font decompression routine. The flaw could result in too small a memory buffer being allocated to store downloadable font. A hacker could use this new-found vulnerability to crash the browser and allow remote code execution.
In addition to the critical update, the patch also addresses several other security and stability issues. "We strongly recommend that all Firefox users upgrade to this latest release," Mozilla said. "If you already have Firefox 3.6 you will receive an automated update notification within 24 to 48 hours. This update can also be applied manually by selecting "Check for Updates..." from the Help menu. "
It was also suggested that Firefox 3.0 and 3.5 users upgrade to the latest version.
- GameCrush Lets You Hire a Girl to Play With You
- Apple Starts Selling iPhones Off-Contract
- GPU Cooling Mod Cures Xbox 360 RRoD Problem
- VIDEO: George Takei Blown Away by 4-color TV
- Bill Gates, Toshiba Team Up On Nuclear Reactor
- Apple Stealing Game Market Share From DS, PSP
- Norton Reveals the Riskiest Cities for Cybercrime
- Nintendo Announces 3D Handheld, the 3DS
- Vest Doubles as an Air Pollution Detector
- Skype Finally Hits Verizon Wireless Thursday
- Virgin Galactic Completes First Test Flight
- Hulu Blocking Videos From Kylo Browser
- Scammers Take to eBay to Distribute Malware
- Opera Shows Apple a Better iPhone Web Browser
- Samsung Galaxy S Packs Super AMOLED, Android
- Microsoft: Natal Does Work in Small Living Rooms
- British Army Developing Force Field
- A Phone That Can Read Your Lips Is Coming
- Microsoft May Have Confirmed Dual-Screen Tablet
Zone alarm pro says it is not safe to download Firefox v3.6.2 from their site
) (the first time). Now it says it is ok
.
Zone alarm pro says it is not safe to download Firefox v3.6.2 from their site ) (the first time). Now it says it is ok.
People still use Zone Alarm?
When are they going to fix the memory leaks?
Too late, even though the default browser for Ubuntu 9.10 was Firefox 3.5.8 that was not affected by the bug I switched to Google Chrome for Debian/Ubuntu. Much faster.
that's what they will say about bitdefender
yea I got the update this morning after a strange firefox crash seemed suspicious so I didnt install yet.
Lol. The update was downloading just as I was reading this. Gotta go now. Need to restart firefox.
Does this happen often with firefox?
It's a shame i use to really like Firefox...seems like there having a few problems i used it for 3 years.
Recently moved to Chrome just seems a lot faster.
I think I've given up to Firefox but when I noticed that Adblock plus isn't as effective as it is in Firefox so I returned to Firefox again. It is noticeably slower than Chrome but I think I can live with that.
If you like Crome take a look at SRWare Iron. It's crome without google spying on everything you do. They simply stripped out the spying parts.
this kind of "vulnerabilities" will always exist, useless patching them
FireFox gaining more market share only prolongs the inevitable as with any software. Be-it slower, IE8 is still among the most secured for its market share size.
You can have a sealed titanium house but if you leave the door open or forget to lock it, there's no point in all that steel walls. In otherwords, you can't remove the "human" out of the equation or you can take the humans out of Stupidville but you cannot take the stupid out of humans.
[Sarcasm] Wow, I'm glad I use Internet Explorer, eh? [/Sarcasm]
If you like Crome take a look at SRWare Iron. It's crome without google spying on everything you do. They simply stripped out the spying parts.
Not true. It is true there is a box you can tick off under options that will provide statistics to Google (default is off in Linux) but that is an option.
My Ubuntu has a similar feature that you can select and scan your hardware and I don't think Ubuntu is spying on me.
If you want FED approved spyware use Windows and IE.
Chrome was the winner for security in the test (sandbox design) revealed right here at Tom's a few months back too.
Chrome is faster than Firefox, but less flexible when it comes to plug-ins. There are several plug-ins I run with Firefox that are simply not available to Chrome, or any other browser for that matter.
Already updated yesterday.
It's a shame i use to really like Firefox...seems like there having a few problems i used it for 3 years.Recently moved to Chrome just seems a lot faster.
Strange, lot of comments I about switching to Chrome, funny thing is I switched over to Chrome as well. FF was really slow on my online class, literally 15~20 seconds to load a forum.
i had FF and chrome both installed and used them both for a while. I didnt noticed any significant speed difference, other than that chrome launches a second or two faster, yippee. I also installed it on the kids computer for a while but that didnt last long as i ended up having to uninstall it because spybot started finding all sorts of stuff every time i ran it on that PC whereas with just FF it would stay clean for weeks on end. I've also noticed this on customers PCs. It might be that FF users are just more knowledgeable in general and use better common sense, but chrome/IE seems to be like an open door for malware.
I'll stick with my FF with ad-block plus, noscript, web of trust and other add-ons i really couldnt stand to be without. Even if FF did load pages slower (which it doesnt, especially with pipelining enabled), it would still be much faster for me to use due to how i have everything customized the way i want it.