Friday, April 2, 2010

Mozilla 3.6.3 released. Fixed critical security hole.

Mozilla has just announced the release of Mozilla Firefox 3.6.3. It only fixed a critical security flaw that could potentially allow remote code execution (see bug 555109).

The memory corruption flaw, demonstrated by Nils of MWR Infosecurity at Pwn2Own 2010, is caused by moving DOM nodes between documents and triggering garbage collection at the right time, leaving an incorrectly retained node which would be used later. This, in turn, could be used to execute remotely injected code. Mozilla say the exploit only affects Firefox 3.6, but that it plans to patch Firefox 3.5 in a coming release "just in case there is an alternate way of triggering the bug".

There are no other changes in Firefox 3.6.3.

No comments: