Firefox 3.6.2 Plugs Critical Security Hole
Mozilla fixed a security vulnerability in its Firefox browser ahead of schedule after the German government advised the public to stop using the browser.
Mozilla has swatted a critical bug in its Firefox browser ahead of schedule. The flaw, which was discovered by Intevydis founder Evgeny Legerov, had caused enough of a stir to prompt Germany's BürgerCERT to advise users to ditch the browser until it was fixed.
According to Mozilla, the Web Open Font Format (WOFF) decoder contains an integer overflow in a font decompression routine. As a result, too small a memory buffer could be allocated to store a downloaded font, and an attacker could exploit the situation to crash a victim's browser and execute arbitrary code on the system.
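The class of bug described above, shown as an added illustration that is not Mozilla's code: a buffer size summed from file-supplied table lengths in 32-bit arithmetic, beside a checked version that rejects the input. The `table_entry` struct, the function names, the 4-byte padding and the size cap are assumptions made for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical directory entry: the decompressed length that a font file
   claims for one table. This value comes from untrusted input. */
typedef struct { uint32_t orig_len; } table_entry;

/* Unchecked: pads each length to 4 bytes and sums in 32 bits.
   Both the rounding and the addition can wrap around silently. */
uint32_t total_size_unchecked(const table_entry *t, size_t n) {
    uint32_t total = 0;
    for (size_t i = 0; i < n; i++)
        total += (t[i].orig_len + 3u) & ~3u;
    return total;
}

/* Checked: fails if padding would wrap or the sum would exceed max_total.
   Invariant: total <= max_total, so (max_total - total) never underflows. */
bool total_size_checked(const table_entry *t, size_t n,
                        uint32_t max_total, uint32_t *out) {
    uint32_t total = 0;
    for (size_t i = 0; i < n; i++) {
        uint32_t len = t[i].orig_len;
        if (len > UINT32_MAX - 3u) return false;      /* rounding would wrap */
        uint32_t padded = (len + 3u) & ~3u;
        if (padded > max_total - total) return false; /* sum over the cap */
        total += padded;
    }
    *out = total;
    return true;
}

int main(void) {
    /* Constructed sample: two tables whose padded lengths sum past 2^32. */
    table_entry bad[2] = { { 0x80000000u }, { 0x80000010u } };
    uint32_t out = 0;
    printf("unchecked total: %u bytes\n",
           (unsigned)total_size_unchecked(bad, 2));
    printf("checked accepts: %s\n",
           total_size_checked(bad, 2, 32u * 1024u * 1024u, &out) ? "yes" : "no");
    return 0;
}
```

With the constructed input, the unchecked sum wraps to a few bytes even though the tables claim roughly 4 GiB of data, which is how an undersized allocation arises; the checked version refuses the file before any buffer is allocated.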