Security researcher Evgeny Legerov of Intevydis reported a critical security issue, announced by the Mozilla Foundation on 22nd March, that has been fixed in the new version 3.6.2. It's now available via the automatic built-in update.
Firefox 3.6.2's release notes say: “Fixed a critical security issue that could potentially allow remote code execution (see bug 552216).”
Details from the Mozilla Foundation announcement:
Title: WOFF heap corruption due to integer overflow
Impact: Critical
Announced: March 22, 2010
Reporter: Evgeny Legerov
Products: Firefox 3.6
Fixed in: Firefox 3.6.2
Description
Security researcher Evgeny Legerov of Intevydis reported that the WOFF decoder contains an integer overflow in a font decompression routine. This flaw could result in too small a memory buffer being allocated to store a downloadable font. An attacker could use this vulnerability to crash a victim’s browser and execute arbitrary code on his/her system.
Support for the WOFF downloadable font format is new in Firefox 3.6 (Gecko 1.9.2); this vulnerability does not affect products built on earlier versions of the Mozilla browser engine.
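The bug class the advisory describes, shown as an added C illustration (this is not Mozilla's decoder code and not a reconstruction of the actual flaw): a buffer size summed in 32-bit arithmetic from lengths declared in the file can wrap, so the allocation ends up far smaller than the data. The struct, function names and sample values are assumptions constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified directory entry: only the declared
   uncompressed length of one font table (attacker-controlled). */
struct table_entry { uint32_t orig_length; };

/* Constructed sample inputs, not taken from any real font file. */
static const struct table_entry SAMPLE_OK[2]   = { {10u}, {20u} };
static const struct table_entry SAMPLE_WRAP[2] = { {0x80000000u}, {0x80000000u} };

/* Unchecked: the 32-bit sum of 4-byte-padded lengths silently wraps. */
uint32_t total_size_unchecked(const struct table_entry *t, uint16_t n)
{
    uint32_t total = 12u + 16u * n;          /* sfnt header + directory */
    for (uint16_t i = 0; i < n; i++)
        total += (t[i].orig_length + 3u) & ~3u;
    return total;
}

/* Checked: returns 0 and sets *out, or -1 if any step would wrap. */
int total_size_checked(const struct table_entry *t, uint16_t n, uint32_t *out)
{
    uint32_t total = 12u + 16u * n;          /* at most 12 + 16*65535 */
    for (uint16_t i = 0; i < n; i++) {
        uint32_t len = t[i].orig_length;
        if (len > UINT32_MAX - 3u) return -1;     /* padding would wrap */
        len = (len + 3u) & ~3u;
        if (len > UINT32_MAX - total) return -1;  /* sum would wrap */
        total += len;
    }
    *out = total;
    return 0;
}

int main(void)
{
    uint32_t size = 0;
    /* Two tables claiming 2 GiB each: the unchecked total wraps to 44. */
    printf("unchecked: %u bytes\n", (unsigned)total_size_unchecked(SAMPLE_WRAP, 2));
    printf("checked:   %s\n",
           total_size_checked(SAMPLE_WRAP, 2, &size) == 0 ? "accepted" : "rejected");
    return 0;
}
```

A decoder using the checked form rejects the font before allocating, instead of allocating 44 bytes for tables that claim 4 GiB.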
So it's time for everybody to upgrade their Firefox to the latest 3.6.2. You can check your version by clicking Help -> About Mozilla Firefox. If it's anything other than 3.6.2, click Help -> Check For Updates. You will be automatically upgraded to the latest safe version.
BTW, our users can download the latest Firefox version by clicking any of the images in this post. You can also check our post about the upcoming Firefox 4.0 or check out the new Personas.