Firefox 3.6.3 Patches Pwn2Own Flaw, Back to Security

Mozilla has released a quick update to its flagship Firefox Browser. This release 3.6.3 fixes the security flaws exploited at the Pwn2Own contest. The security flaw discovered at Pwn2Own affected only Firefox 3.6and later versions directly.

firefox-logo

The Mozilla Security Advisor had added this flaw to their website writing,

A memory corruption flaw leading to code execution was reported by security researcher  Nils of MWR InfoSecurity during the 2010 Pwn2Own contest sponsored by TippingPoint’s Zero Day Initiative. By moving DOM nodes between documents Nils found a case where the moved node incorrectly retained its old scope. If garbage collection could be triggered at the right time then Firefox would later use this freed object.

This flaw was address on April 1st, 2010 by Nils who also happens to be a security researcher. Mozilla has been quick in responding to this zero day exploit. The exploit of this flaw was a big challenge in itself, it being a zero day flaw.

To get the latest secure version of Firefox which has a fix for this flaw, go to Help -> Check for Updates and install the latest suggested release.

Published by

Chinmoy Kanjilal

Chinmoy Kanjilal is a FOSS enthusiast and evangelist. He is passionate about Android. Security exploits turn him on and he loves to tinker with computer networks. He rants occasionally at Techarraz.com. You can connect with him on Twitter @ckandroid.

  • http://dtechwiz.blogspot.com Karthik Prabhu

    Really nice.. I love Mozilla Firefox a lot.. But was very disappointed to know that it had a security flaw.. Chrome was the only browser which didn't get hacked at the Pwn2Own.. Hope this new fix solves the security flaw.. I don't want Firefox to have any flaws.. Addicted to using it.. It's my favorite browser.. :)