Mozilla Acknowledges Critical Zero Day Flaw in Firefox

2010-03-19T12:09:00
ID MOZILLA-ACKNOWLEDGES-CRITICAL-ZERO-DAY-FLAW-FIREFOX-031910/73714
Type threatpost
Reporter Dennis Fisher
Modified 2013-04-17T16:37:29

Description

A month after an advisory was published detailing a new vulnerability in Firefox, Mozilla said it has received exploit code for the flaw and is planning to patch the weakness on March 30 in the next release of Firefox.

Mozilla officials said Thursday that the vulnerability, which was disclosed February 18 by Secunia, is a critical flaw that could result in remote code execution on a vulnerable machine. The vulnerability is in version 3.6 of Firefox.

Related Posts

Browser Address Bar Spoofing Vulnerability Disclosed

August 17, 2016 , 12:54 pm

Firefox to Block Flash in August, Disable in 2017

July 21, 2016 , 4:35 pm

Selfrando Technique Mitigates Attacks Unmasking Tor Users

June 24, 2016 , 12:00 pm

Mozilla was contacted by Evgeny Legerov, the security researcher who
discovered the bug referenced in the Secunia report, with sufficient
details to reproduce and analyze the issue. The vulnerability was
determined to be critical and could result in remote code execution by
an attacker. The vulnerability has been patched by developers and we
are currently undergoing quality assurance testing for the fix. Firefox
3.6.2 is scheduled to be released March 30th and will contain the fix
for this issue.

Mozilla already has released a beta build of Firefox 3.6.2, which contains the fix for the unpatched vulnerability. The full version will be available on March 30.