Mozilla has announced the release of Firefox 3.6.3 to address a critical security hole used as part of a winning exploit at Pwn2Own 2010. The update comes just over a week after the release of Firefox 3.6.2 which addressed a different critical flaw.
The memory corruption flaw, demonstrated by Nils of MWR Infosecurity at Pwn2Own 2010, is caused by moving DOM nodes between documents and triggering garbage collection at the right time, leaving an incorrectly retained node which would be used later. This, in turn, could be used to execute remotely injected code. Mozilla say the exploit only affects Firefox 3.6, but that it plans to patch Firefox 3.5 in a coming release "just in case there is an alternate way of triggering the bug".
There are no other changes in Firefox 3.6.3. The developers recommend that all Firefox 3.6 users upgrade to the new version, either by waiting for the automated update notification or by manually selecting "Check for updates" from the Help Menu.
[All of article]
The link for this article located at H Security is no longer available.