Mozilla Fast-Tracks Fix For Critical Firefox Flaw

Mozilla has fast-tracked a patch for a critical vulnerability affecting its flagship Firefox browser. The patch, which was originally slated for release on March 30, fixes a vulnerability that could allow remote code execution attacks. The flaw was originally released into the VulnDisco exploit...

Firefox 3.6.2 Fixes Decompression Bug

Days before the start of Pwn2Own, Mozilla has patched its flagship Firefox browser. The Firefox 3.6.2 update fixes a critical bug in a font decompression routine that could be exploited to “crash a victim’s browser and execute arbitrary code on his/her system,” Mozilla said in a security advisory...

WOFF heap corruption due to integer overflow — Mozilla

Security researcher Evgeny Legerov of Intevydis reported that the WOFF decoder contains an integer overflow in a font decompression routine. This flaw could result in too small a memory buffer being allocated to store a downloadable font. An attacker could use this vulnerability to crash a victim...