Mozilla Acknowledges Critical Zero Day Flaw in Firefox

A month after an advisory was published detailing a new vulnerability in Firefox, Mozilla said it has received exploit code for the flaw and is planning to patch the weakness on March 30 in the next release of Firefox.

Mozilla officials said Thursday that the vulnerability, which was disclosed February 18 by Secunia, is a critical flaw that could result in remote code execution on a vulnerable machine. The vulnerability is in version 3.6 of Firefox.

Mozilla was contacted by Evgeny Legerov, the security researcher who discovered the bug referenced in the Secunia report, with sufficient details to reproduce and analyze the issue.  The vulnerability was determined to be critical and could result in remote code execution by an attacker.  The vulnerability has been patched by developers and we are currently undergoing quality assurance testing for the fix.  Firefox 3.6.2 is scheduled to be released March 30th and will contain the fix for this issue.

Mozilla already has released a beta build of Firefox 3.6.2, which contains the fix for the unpatched vulnerability. The full version will be available on March 30.

Commenting on this Article is closed.