A month after an advisory was published detailing a new vulnerability in Firefox, Mozilla said it has received exploit code for the flaw and is planning to patch the weakness on March 30 in the next release of Firefox.
Mozilla officials said Thursday that the vulnerability, which was disclosed February 18 by Secunia, is a critical flaw that could result in remote code execution on a vulnerable machine. The vulnerability is in version 3.6 of Firefox.
Mozilla was contacted by Evgeny Legerov, the security researcher who discovered the bug referenced in the Secunia report, with sufficient details to reproduce and analyze the issue. The vulnerability was determined to be critical and could result in remote code execution by an attacker. The vulnerability has been patched by developers and we are currently undergoing quality assurance testing for the fix. Firefox 3.6.2 is scheduled to be released March 30th and will contain the fix for this issue.
Mozilla already has released a beta build of Firefox 3.6.2, which contains the fix for the unpatched vulnerability. The full version will be available on March 30.