Mozilla Fixes Critical Security Flaw With Firefox 3.6.2

Mozilla has fixed a critical bug in its Firefox browser ahead of schedule, after one European government warned its citizens to stop using the open source web browser.

The flaw, which was discovered by Intevydis founder Evgeny Legerov, had caused enough of a stir to prompt Germany’s BürgerCERT to advise users to ditch the browser until it was fixed.

According to Mozilla, the Web Open Font Format (WOFF) decoder contains an integer overflow in a font decompression routine. As a result, too small a memory buffer could be allocated to store a downloaded font, and an attacker could exploit the situation to crash a victim’s browser and execute arbitrary code on the system.

Only Firefox 3.6 was affected by the vulnerability.

“We urge users to promptly update to this release by selecting “Check for Updates…” from the “Help” menu, or by visiting https://www.mozilla.com/ for a free download,” according to Mozilla.

The fix is contained within Firefox 3.6.2, which was initially scheduled to be released on 30 March. After the German advisory however, Mozilla announced it was moving up the release date.

While security researchers are divided on the idea of switching browsers every time a vulnerability appears, it was not the first time a government had made the recommendation. Germany and France also advised users to ditch Internet Explorer until the vulnerability tied to the Aurora attack on Google was patched. That vulnerability was fixed in January.

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Share
Published by
Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Recent Posts

The Cost of Tech Skills

The demand for tech skills is surging, driving economic growth but revealing challenges. Financial costs,…

10 mins ago

Supreme Court Says Meta Must Face Multibillion-Dollar Fraud Lawsuit

US Supreme Court tosses Meta's appeal over Cambridge Analytica-linked investor lawsuit, meaning case must proceed

12 mins ago

Uber Seeks $10m Stake In Pony AI Via IPO

Uber reportedly seeks $10m stake in Chinese autonomous driving firm Pony AI via US IPO,…

43 mins ago

Apple Developing ‘LLM Siri’ AI For 2026

iPhone maker reportedly developing next-generation AI large language model for Siri for spring 2026 as…

1 hour ago

Hong Kong Research Group Trains AI Model With Huawei Chips

Hong Kong-based AI research institute uses Huawei Ascend 910B chips to train latest model, as…

2 hours ago

Investors Shocked As Temu Parent Misses Estimates

Temu and Pinduoduo parent company PDD Holdings misses analysts' estimates as economic slowdown in China…

2 hours ago