Critical vulnerability in Mozilla Firefox 3.6 2010-03-22 [Software advisories]

22 March 2010
The Mozilla project has confirmed that a vulnerability is present in its latest version of the popular browser Firefox (version 3.6). The vulnerability is defined as critical and could result in remote code execution.
Only Firefox version 3.6 is vulnerable. Previous versions of Firefox, and Mozilla’s other products, like the email client Thunderbird and the SeaMonkey browser, are not affected.

An updated version of Firefox - version 3.6.2 - is expected to be released by Mozilla on 30 March.

More information in Mozilla’s security blog postings here:

Original blog posting
Update
Update 2010.03.23
Mozilla has released version 3.6.2 ahead of the 30 March schedule. Mozilla also released security advisory 2010-08 with more information about the vulnerability.

Version 3.6.2 is said to have been released March 22nd.

I actually was (France) prompted for it when powering the computer yesterday morning March 24th.

Note that not only one, but several vulnerabilities are fixed, and that, as usual, some concern very hypothetical usage from the common user.

http://www.mozilla.com/en-US/firefox/3.6.2/releasenotes/

Also note that, at the day speaking and according to Secunia, Firefox 3.6 has one advisory for 2010 (now patched as you relate it), while IE 8 has 2, one of them still unpatched.

Wouldn’t it be fair, when speaking of vulnerability, to quote all browsers vulnerabilities?

Hi brucine

Probably it would be fair, but … there is “not enough quotes” :D, to name all, since many are known already but cannot be disclosed
and then there are already new ones and more to come Hacker busts IE8 on Windows 7 in 2 minutes
and a bit !ot! , but sure you remember this “recent” one Microsoft to patch 17-year-old computer bug

Cheers!

All these vulnerabilities in IE 8, Firefox, Opera, and Apple Safari are the reason I switch to Google Chrome.

It hasn’t been hacked yet…

APACHE
Google Chrome 4.1.249.1042 beta (42199)

I read the ITWorld.com article. I never use Google Chrome or any browser to log on to an email account like Gmail or Google. That’s what email clients are for. And I don’t store personal info online, period. This online storage is for the birds and anyone should know somehow someone is going to gain access to it. I wouldn’t even trust a security vendor like Norton’s online storage vault on their server!

If you want to store your info put it on a CD, DVD or format a Z disk on your hard drive and encrypt it.

As far as the Secunia Advisory SA39029 it was patched and that is the beta version I have now.

APACHE

As far as the Secunia Advisory SA39029 it was patched and that is the beta version I have now.

The firefox 3.6 security hole also was patched, and was the only one at the day speaking, not meaning that a new one shall not be discovered tomorrow in firefox…or google chrome.

Outside of the fact that i shall never trust anything called google, but it’s here a matter of personal opinion regarding privacy concerns, i only wanted to illustrate that the 100% safe browser (or more generally speaking, software) is not born.

You can’t, moreover, extrapolate the global security of a browser from your peculiar behavior (or mine): not even talking of webmail or storage, a large majority of security flaws most certainly comes from users with unsafe softwares and/or behaviors, but being taken into consideration in the ranking of these browsers.

Point taken…I agree there is not a completely safe browser. Matter of fact if it has anything to do with a computer, hardware, software or user the only safe computer is one that has been switched off.

Hi Guys,

I think you heard about the Lunascape browser
The idea is actually interesting – multiple engines (currently 3); it’s accepting different Add-ons; etc. That’s good for development, testing & stuff…

… but speaking OnTopic about security holes - that’s nice to have vast variety of vulnerabilities in one place ;D http://www.lunascape.tv/

Cheers!

Just use Comodo IS and use any browser you want…

I agree with Kyle. Buffer overflow protection still is a strong card of CIS in this respect.

Just use Comodo IS and use any browser you want.

Who spoke of “off topic”?

I suppose i would have been moderated if i had commented a topic speaking of active x protection in the firewall or av section, and stating “use firefox, it is unable to read active x”: people are entitled to use, say, IE and comodo.

This is not a general security forum, but a comodo forum, and i guess that most of us use some flavor of comodo.

Nevertheless, we are here in the “other security products”, the “use comodo” comment is not an “other security product”, and i don’t see why other security products discussions should not be allowed, this becoming the case if they are being perturbated by such off-topic comments.

Moreover, this would assume that comodo protection is 100% effective and not to be made better, leading to the conclusion that this forum has no reason to exist anymore.

I am surprised by several comments in this forum stating, in an “almost religious dogmatic way”, that “comodo is the best”, period, making it impossible to continue what we are here for: constructive discussions must go on.

Hi Kyle ,

Sorry, but NO! That will not protect you, especially with the latest implementation.

And then we are talking about browsers…

If MS DEP (the Software one… stressing) was cracked in several seconds … well … I’ll stop here.

The abbreviation in this case probably came from Deep Explorer Penetration :smiley:

Cheers!

!ot!

Makes me think back to my younger days and all the fine women! lol!

APACHE

Oh ! well, APACHE that’s never late for some browsing and finding… vulnerabilities ;D

Google Chrome just updated their beta version to 5.0.342.8 (2010-03-21)