Slashdot Mirror


Mozilla Plans Fix For Critical Firefox Vulnerability In Next Release

Trailrunner7 writes "A month after an advisory was published detailing a new vulnerability in Firefox, Mozilla said it has received exploit code for the flaw and is planning to patch the weakness on March 30 in the next release of Firefox. Mozilla officials said Thursday that the vulnerability, which was disclosed February 18 by Secunia, is a critical flaw that could result in remote code execution on a vulnerable machine. The vulnerability is in version 3.6 of Firefox."

4 of 140 comments

  1. Re:What kept them? by NotQuiteReal · Score: 4, Funny

    Lynx is pretty secure

    --
    This issue is a bit more complicated than you think.
  2. Re:Planning? It's not enough! by maxume · Score: 5, Informative

    Are you being intentionally ridiculous?

    The fix is in the latest beta release already, that binary is slated to be the release candidate, and if testing goes well, it will be the release.

    --
    Nerd rage is the funniest rage.
  3. Re:Planning? It's not enough! by Athanasius · Score: 4, Informative

    As someone else already quoted:

    Mozilla already has released a beta build of Firefox 3.6.2, which contains the fix for the unpatched vulnerability

    You can already go and download that 3.6.2 beta if you want, I did.

    The 'planning' is about the date of 3.6.2's release, not whether or not it will have this fix included.

  4. Re:OMFG by wizardforce · Score: 4, Insightful

    Mozilla is aware of the claim of a zero-day in Firefox as posted here: http://secunia.com/advisories/38608/. We cannot confirm the report as we have received no details regarding the reported vulnerability, such as a proof-of-concept or steps to reproduce. We’ve attempted to contact the researcher who discovered the issue but have not received a response.

    Secunia: omfg Firefox has a vulnerability!!!
    Mozilla: ok so what are the specifics?
    Secunia: ...
    Mozilla: Hello?
    Secunia: ...
    Mozilla: Anyone?
    Secunia a few days ago: Right then... here are the details...
    Mozilla: *patched beta*

    --
    Sigs are too short to say anything truly profound so read the above post instead.