Mozilla has just announced the release of Mozilla Firefox 3.6.3. It only fixed a critical security flaw that could potentially allow remote code execution (see bug 555109).
The memory corruption flaw, demonstrated by Nils of MWR Infosecurity at Pwn2Own 2010, is caused by moving DOM nodes between documents and triggering garbage collection at the right time, leaving an incorrectly retained node which would be used later. This, in turn, could be used to execute remotely injected code. Mozilla say the exploit only affects Firefox 3.6, but that it plans to patch Firefox 3.5 in a coming release "just in case there is an alternate way of triggering the bug".
There are no other changes in Firefox 3.6.3.
Subscribe to:
Post Comments (Atom)
Second monitor no display after latest update - KDE-neon
After latest update as of Oct 3, 2023, my second monitor was undetected with latest kernel (6.2.0-33-generic). If I boot with previous kern...
-
I've installed latest squid (3.2.0.3) recently from source. I configured it with --with-icmp to enable incoming icmp request. After com...
-
What is df? It is a command to report filesystem disk space usage (on Linux). Problem Recently I checked my backup server's disk space. ...
-
Linux bash history with Page up / Page down In linux you can configure the pgup/pgdown keys to navigate through commands you typed that...
No comments:
Post a Comment