Mozilla Releases Firefox 3.6.3 To Plug Pwn2Own Hole

If you haven’t updated to Firefox 3.6.3 yet, what are you waiting for? The latest version of Firefox plugs the hole that was used to hack the browser at Pwn2Own, where every major browser was hacked. According to the security advisory, here’s what was fixed:

A memory corruption flaw leading to code execution was reported by security researcher Nils of MWR InfoSecurity during the 2010 Pwn2Own contest sponsored by TippingPoint’s Zero Day Initiative. By moving DOM nodes between documents Nils found a case where the moved node incorrectly retained its old scope. If garbage collection could be triggered at the right time then Firefox would later use this freed object.

So if you haven’t updated, do it now! At least one browser cares enough to close the holes found at Pwn2Own. As for the rest, what are you guys waiting for?

2 Responses to “Mozilla Releases Firefox 3.6.3 To Plug Pwn2Own Hole”

  1. Waiting for the repos in Suse to get it. Holiday weekend maintainers taking time off 🙂

  2. Follow up on my post earlier, Suse has it in the Mozilla repo about 3 hours after I posted.
