Mozilla Releases Firefox 3.6.3 To Plug Pwn2Own Hole

If you haven’t updated to Firefox 3.6.3 yet, what are you waiting for? The latest version of Firefox plugs the hole that was used to hack the browser at Pwn2Own, where every major browser was hacked. According to the security advisory, here’s what was fixed:

A memory corruption flaw leading to code execution was reported by security researcher Nils of MWR InfoSecurity during the 2010 Pwn2Own contest sponsored by TippingPoint’s Zero Day Initiative. By moving DOM nodes between documents Nils found a case where the moved node incorrectly retained its old scope. If garbage collection could be triggered at the right time then Firefox would later use this freed object.

So if you haven’t updated, do it now! At least one browser cares enough to close the holes found at Pwn2Own. As for the rest, what are you guys waiting for?

2 Responses to “Mozilla Releases Firefox 3.6.3 To Plug Pwn2Own Hole”

  1. Waiting for the repos in Suse to get it. Holiday weekend maintainers taking time off :)

  2. Follow up on my post earlier, Suse has it in the Mozilla repo about 3 hours after I posted.
