Firefox 3.6.3 Critical Security Update Released, Update Now

Mozilla is the first web browser vendor to fix a vulnerability exploited at this year’s CanSecWest Pwn2Own contest. Just one week after a U.K.-based hacker known as “Nils” broke into a 64-bit Windows 7 machine with a Firefox vulnerability, the open-source group shipped Firefox 3.6.3 to plug the security hole.

The Firefox 3.6.3 update fixes this critical security vulnerability in Firefox 3.6.2. It is a highly recommended update for all Firefox 3.6.2 users.

From the Mozilla Foundation Security Advisory:

A memory corruption flaw leading to code execution was reported by security researcher Nils of MWR InfoSecurity during the 2010 Pwn2Own contest sponsored by TippingPoint’s Zero Day Initiative. By moving DOM nodes between documents Nils found a case where the moved node incorrectly retained its old scope. If garbage collection could be triggered at the right time then Firefox would later use this freed object.

This exploit affects only the Firefox 3.6 series, which includes Firefox 3.6, Firefox 3.6.1 and Firefox 3.6.2, so all users running these versions should update to the latest version immediately.

The Firefox 3.6.3 update is available via the built-in automatic update check. Users can also download it from the official Mozilla Firefox website.

