Firefox 3.6.3 Patches Pwn2Own Security Flaw
Mozilla has released a Firefox update that patches a security vulnerability in Firefox 3.6.2 web browser. This vulnerability was discovered and exploited during the Pwn2Own competition that challenges hackers to break the latest versions of the most popular web browsers – Firefox and Internet Explorer 8 on Windows 7, and Safari on Mac OS X, were hacked.
The flaw is a critical one, and its describe as;
A memory corruption flaw leading to code execution was reported by security researcher Nils of MWR InfoSecurity during the 2010 Pwn2Own contest sponsored by TippingPoint’s Zero Day Initiative. By moving DOM nodes between documents Nils found a case where the moved node incorrectly retained its old scope. If garbage collection could be triggered at the right time then Firefox would later use this freed object.
The flaw affects principally Firefox 3.6, but a patch for Firefox 3.5 is on the way. Updates are already available via Check for Updates… in the Help menu. Update!!!