It hasn’t been a month since the latest Firefox update shipped, and it has already caused a considerable stir. As with a lot of software releases (and with web browsers more often than most), Firefox 3.6 comes with a flaw. That isn’t really all that surprising, is it?
Anyhow, this flaw was discovered by Evgeny Legerov, the founder of Intevydis, a company that specializes in vulnerability research and IT security solutions. The German government took the flaw seriously enough that its Federal Office for Information Security (BSI) issued an advisory telling users to stop using this version of Firefox until Mozilla fixed it. To Mozilla’s credit, they were right on top of things: they moved the fix ahead of schedule. More from eWEEK:
According to Mozilla, the Web Open Font Format (WOFF) decoder contains an integer overflow in a font decompression routine. As a result, too small a memory buffer could be allocated to store a downloaded font, and an attacker could exploit the situation to crash a victim’s browser and execute arbitrary code on the system.
The fix is contained within Firefox 3.6.2, which was initially scheduled to be released March 30. After the German advisory, however, Mozilla announced it was moving up the release date. While security researchers are divided on the idea of switching browsers every time a vulnerability appears, it was not the first time a government had made the recommendation.
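To make the eWEEK description concrete, here is an added example of the bug class it describes. This is not Mozilla's code and not the real WOFF decoder; it is a deliberate simplification in which the decoder adds up each table's original (decompressed) length in a 32-bit counter, allocates that many bytes, and then decompresses every table into the buffer. The table layout, the field and function names, and the 64 MiB cap are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified, hypothetical directory entry. A real WOFF table entry has
 * more fields; only the decompressed ("original") length matters here. */
typedef struct {
    uint32_t comp_length;   /* bytes on the wire (compressed) */
    uint32_t orig_length;   /* bytes after decompression      */
} table_entry;

/* VULNERABLE PATTERN: sum every orig_length in a 32-bit counter and use
 * the result as the allocation size. Two large tables wrap the counter,
 * so the buffer ends up far smaller than what gets decompressed into it. */
uint32_t vuln_alloc_size(const table_entry *tables, size_t n)
{
    uint32_t total = 0;
    for (size_t i = 0; i < n; i++)
        total += tables[i].orig_length;   /* silent unsigned wrap-around */
    return total;
}

/* HARDENED PATTERN: refuse the addition if it would wrap, and cap the
 * running total at a size no legitimate font could reach. Returns 0 and
 * fills *out on success, -1 if the font must be rejected. */
int safe_alloc_size(const table_entry *tables, size_t n,
                    uint32_t max_font_bytes, uint32_t *out)
{
    uint32_t total = 0;
    for (size_t i = 0; i < n; i++) {
        if (tables[i].orig_length > UINT32_MAX - total)
            return -1;                    /* total + orig_length would wrap */
        total += tables[i].orig_length;
        if (total > max_font_bytes)
            return -1;                    /* absurd size: treat as hostile */
    }
    *out = total;
    return 0;
}

/* Model the copy phase without executing it: how many bytes would the
 * decompressor write past the end of an alloc_size-byte buffer when it
 * expands every table to orig_length? 0 means the buffer is big enough.
 * (Actually performing the copy in the vulnerable case is a heap overflow.) */
uint64_t bytes_past_end(const table_entry *tables, size_t n,
                        uint32_t alloc_size)
{
    uint64_t written = 0;
    for (size_t i = 0; i < n; i++)
        written += tables[i].orig_length;
    return written > alloc_size ? written - alloc_size : 0;
}

/* Constructed hostile directory: the two original lengths sum to
 * 0x100000010, which truncates to 16 in 32 bits. */
static const table_entry crafted[] = {
    { 256, 0x80000000u },
    { 256, 0x80000010u },
};
static const size_t crafted_n = sizeof crafted / sizeof crafted[0];

/* Constructed benign directory for comparison. */
static const table_entry benign[] = {
    { 900, 2048 },
    { 100, 512 },
};
static const size_t benign_n = sizeof benign / sizeof benign[0];

/* 64 MiB is plenty for any real font; the exact cap is an assumption. */
#define MAX_FONT_BYTES (64u * 1024u * 1024u)

int main(void)
{
    uint32_t vsz = vuln_alloc_size(crafted, crafted_n);
    printf("vulnerable decoder allocates %u bytes, then writes %llu bytes past the end\n",
           vsz, (unsigned long long)bytes_past_end(crafted, crafted_n, vsz));

    uint32_t ssz;
    if (safe_alloc_size(crafted, crafted_n, MAX_FONT_BYTES, &ssz) != 0)
        printf("hardened decoder rejects the crafted font\n");
    if (safe_alloc_size(benign, benign_n, MAX_FONT_BYTES, &ssz) == 0)
        printf("hardened decoder accepts the benign font, allocating %u bytes\n", ssz);
    return 0;
}
```

The point to take away is that the size check has to happen on the arithmetic itself, before the allocation, not after: once the wrapped value reaches the allocator, every later bounds check that compares against the "allocated" size is also fooled, which is exactly how a too-small buffer turns into a write past the heap and, from there, into code execution.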
So is the latest version safe? Only if you’ve updated to 3.6.2 (or later)! Help > About Mozilla Firefox shows which build you are actually running; if it reports anything below 3.6.2, update before you go back to browsing.