Bug Confirmed in Newest Mozilla Firefox 3.6

Mozilla confirmed yesterday, with sufficient details, that a vulnerability in the latest Firefox release could result in remote code execution by an attacker. ComputerWorld tells us that “the bug was disclosed by Russian researcher Evgeny Legerov a month ago in a message posted on a forum hosted by Immunity, the Miami Beach, Fla. developer best known for its Canvas penetration testing framework.” The bug has also been reported by Secunia, a Danish vulnerability intelligence company. Secunia says the cause is “due to an unspecified error and can be exploited to execute arbitrary code.”

Currently, this only affects the latest Firefox release, version 3.6. This release came out just a couple of months ago in January.

Although developers have already fixed the issue, the fix is currently undergoing quality assurance testing before the patch is released. The patch is scheduled to come out with Firefox version 3.6.2 on March 30. In the meantime, Mozilla suggests downloading the beta build, which already contains the fix.
