Firefox 3.6.3 Patches Pwn2Own Flaw, Back to Security
By on April 2nd, 2010

Mozilla has released a quick update to its flagship Firefox Browser. This release 3.6.3 fixes the security flaws exploited at the Pwn2Own contest. The security flaw discovered at Pwn2Own affected only Firefox 3.6and later versions directly.

firefox-logo

The Mozilla Security Advisor had added this flaw to their website writing,

A memory corruption flaw leading to code execution was reported by security researcher  Nils of MWR InfoSecurity during the 2010 Pwn2Own contest sponsored by TippingPoint’s Zero Day Initiative. By moving DOM nodes between documents Nils found a case where the moved node incorrectly retained its old scope. If garbage collection could be triggered at the right time then Firefox would later use this freed object.

This flaw was address on April 1st, 2010 by Nils who also happens to be a security researcher. Mozilla has been quick in responding to this zero day exploit. The exploit of this flaw was a big challenge in itself, it being a zero day flaw.

To get the latest secure version of Firefox which has a fix for this flaw, go to Help -> Check for Updates and install the latest suggested release.

Tags: , ,
Author: Chinmoy Kanjilal Google Profile for Chinmoy Kanjilal
Chinmoy Kanjilal is a FOSS enthusiast and evangelist. He is passionate about Android. Security exploits turn him on and he loves to tinker with computer networks. He rants occasionally at Techarraz.com. You can connect with him on Twitter @ckandroid.

Chinmoy Kanjilal has written and can be contacted at chinmoy@techie-buzz.com.
  • http://dtechwiz.blogspot.com Karthik Prabhu

    Really nice.. I love Mozilla Firefox a lot.. But was very disappointed to know that it had a security flaw.. Chrome was the only browser which didn't get hacked at the Pwn2Own.. Hope this new fix solves the security flaw.. I don't want Firefox to have any flaws.. Addicted to using it.. It's my favorite browser.. :)

 
Copyright 2006-2012 Techie Buzz. All Rights Reserved. Our content may not be reproduced on other websites. Content Delivery by MaxCDN