Mozilla Firefox minor update

On March 23, 2010 Mozilla Foundation released an off-schedule patch that removes a critical security vulnerability in Firefox 3.6 web browser.

The critical security vulnerability allows the attackers to execute malicious code on the user's personal computer when the user visits infected websites. The occurrence of this vulnerability was announced on March 22, 2010. It was detected by the experts of Secunia (the provider of Vulnerability Intelligence and Vulnerability Management tools). The error is connected with the integer overflow during processing of WOFF fonts. Its successful use can make the browser execute arbitrary code.

In the official blog the representatives of Mozilla Foundation assured that uncovered vulnerability would be amended in Firefox 3.6.3 which had to be released on March, 30. However the government of Germany recommended that the users should refrain from using the browser. This statement made the developers of the popular software speed up their work on fixing the vulnerability.

To install the update the users should use the built-in update module. It is highly recommended that the users should not delay the installation of the minor Firefox security update.

TAGS
firefox, mozilla, firefox 3 6 2, off-schedule patch, minor update, critical vulnerability, browser, security vulnerability