The Inquirer-Home
Communications > Security

Mozilla fixes Firefox issue

Uber patches
By Dave Neal
Tue Mar 23 2010, 14:45

OPEN SOURCE SOFTWARE OUTFIT Mozilla has issued a fix for the latest critical security vulnerability to affect its popular Firefox browser.

The problem, which would allow a remote attacker to take control of an infected system, was seen to be so severe that the German government advised people to stop using Firefox.

Now Mozilla has fixed the problem, one week ahead of its own schedule, suggesting that it took the German warning very seriously.

Mozilla has already issued one fix but it required a lot of manual intervention. This latest fix is automatic and can be installed after following a few simple "check for updates" instructions.

The German Buerger Cert has already recommended that users update to this latest release, although, to be honest, our Google Translate version of events makes it a little difficult to work out.

"The Mozilla developers are ready for Firefox version 3.6, the update 3.6.2. The Bürger-CERT recommends that users of version 3.6 to upgrade quickly", it said. µ

 

Share this:

< Previous article| Next article >
Comments
Afraid not

@joed
The vulnerability was apparently in a too small a buffer for their new 3.6 downloadable fonts thing, so you are wrong in thinking noscript would have protected you since it would think it was all legit and OK to have a website have some original fonts.

posted by : W.-, 24 March 2010 Complain about this comment
Short translation

The original text:

Empfehlung

Die Mozilla-Entwickler stellen für die Firefox-Version 3.6 das Update 3.6.2 bereit.
Das Bürger-CERT empfiehlt Anwendern der Version 3.6 zeitnah eine Aktualisierung durchzuführen.
Am einfachsten ist dies über die integrierte Update-Funktion möglich.

My translated version:

Recommandation

The Mozilla developers have made the 3.6.2 update ready for Firefox version 3.6.
The Bürger-CERT recommends that users of version 3.6 to perform an update very soon.
The easiest way to do this is with the integrated Update function.

-

Just my 5 cents.
And to make all worse I'm Danish.

Best regards, Anders Otte

posted by : Anders Otte, 24 March 2010 Complain about this comment
it's even stranger

that my other system got 3.6.2 update some 2 days ago (w/o asking) and every time i tried to trigger update process on my laptop it would find nothing. today 3.6.2 is loading automatically.
not that i really cared - i'm quite sure that with noscript enabled not much could have happened.

posted by : joed, 24 March 2010 Complain about this comment
Is it strange...

that I never got 3.6.1?

posted by : Charles, 23 March 2010 Complain about this comment
aboutus
Advertisement
Subscribe to INQ newsletters
Click here to sign up
INQ White papers

Databases

Network management

Security

Service oriented architecture

Storage
Advertisement
INQ Jobs
INQ Poll

Facebook starts selling shares

Will you buy Facebook shares?

View other polls
Follow us:
Business & Technology websites:
Business research resources:
Products:
Investment Market IT websites:
Find out what you are worth:
Search for a job:
Recruitment Agency A-Z Directory
Accreditations: