What I find far more troubling here is that Secunia seems to be taking this exploit on faith alone. A number of threads (search for them, they're out there) paint VulnDisco's vendor as uncooperative with "responsible disclosure" procedures, and why not? After all, this is a commercial vendor with a product to sell; though, perhaps it's worth noting that apparently someone *already purchased the product and was unable to reproduce the issue on 3.6*. The impropriety of this operation is already being called into question. Perhaps if I submit a report to Secunia of - let's say - Opera being critically insecure with a potential remote execution vector via a buffer overflow, I can get it published too? After all, I sell a commercial vulnerability discovery pack and can't POSSIBLY be in it for the money. This seems to be going awfully far for not having any real proof.
http://secunia.com/advisories/38608/
http://secunia.com/community/forum/thread/show/3592
Does that mean it's real, or are they taking it on trust from the original report by A. Random Hacker?
To all you Linux experts. I'm running Linux Ubuntu on top of or within Win7 using WUBI. Is that safe enough to bypass all these exploits when running FFox in Linux?
Since it is a 'Windows' only flaw, having to do with buffer overflow...
with its history of never having really fixed the buffer overflow problem (Windows, that is)
should this not be another WINDOWS BUFFER OVERFLOW PROBLEM??
Firefox just happened to be the one that triggered the rediscovery.
Good thing I still use 3.0.xx then, seems this won't affect me!