Mozilla is the first browser vendor to fix a vulnerability exploited at this year’s CanSecWest Pwn2Own contest.
Just one week after a U.K.-based hacker known as “Nils” broke into a 64-bit Windows 7 machine with a Firefox vulnerability, the open-source group shipped Firefox 3.6.3 to plug the security hole.
From Mozilla’s advisory:
A memory corruption flaw leading to code execution was reported by security researcher Nils of MWR InfoSecurity during the 2010 Pwn2Own contest sponsored by TippingPoint’s Zero Day Initiative. By moving DOM nodes between documents Nils found a case where the moved node incorrectly retained its old scope. If garbage collection could be triggered at the right time then Firefox would later use this freed object.
Mozilla said the exploit used by Nils only affects Firefox 3.6 and not earlier versions.
However, the group said it will issue a patch for Firefox 3.5 in an upcoming release “just in case there is an alternate way of triggering the bug.”
The Firefox 3.6.3 update is rated critical. It will be shipped via the browser’s automatic update mechanism.