Mozilla releases Firefox 3.6.8 to close critical vulnerability

Just a couple of days after the arrival of Firefox 3.6.7, the Mozilla development team has released version 3.6.8 of its popular open source web browser to close a single, critical rated, vulnerability. According to the developers, a previous fix in 3.6.7, aimed at addressing a plug-in parameter array crash, can itself cause a crash that could lead to memory corruption. The developers say that, “In certain circumstances, properties in the plug-in instance’s parameter array could be freed prematurely leaving a dangling pointer that the plug-in could execute, potentially calling into attacker-controlled memory.”

Read more at H-online

Comments are closed.