Mozilla Plans Fix For Critical Firefox Vulnerability In Next Release

Trailrunner7 writes "A month after an advisory was published detailing a new vulnerability in Firefox, Mozilla said it has received exploit code for the flaw and is planning to patch the weakness on March 30 in the next release of Firefox. Mozilla officials said Thursday that the vulnerability, which was disclosed February 18 by Secunia, is a critical flaw that could result in remote code execution on a vulnerable machine. The vulnerability is in version 3.6 of Firefox."

1.5 months for a response and release?!

[carlhaagen]

There's a disturbing amount of "Microsoft" in this.

Re:1.5 months for a response and release?!

[AmberBlackCat]

Is this the part where some government official is supposed to recommend people stop using Firefox until March 30th, or does that only apply to Internet Explorer?

Re:1.5 months for a response and release?!

[iPhr0stByt3]

MS haters - please mod parent troll.

Re:So this just shows, that you can't relax.

[Securityemo]

Currently, you *can* relax about _malware_ if you're on Linux/*nix, because it's just not a target. Windows 7 has good security on the native-level front, with stack/heap NX, and full ASLR, but both of these can be coded around, in many exploit situations. It's still better than many end-user-oriented linux dists, code quality notwithstanding. Also, you forget one attack vector, and perhaps the easiest in terms of not having to deal with security measures: having the payload embed malicious code in the browser itself and steal data from, say, banking sessions.