The Mozilla Foundation has put version 3.6.2 of its web browser online, with the release being made available sooner than planned.
Yesterday we announced that Firefox 3.6.2 would be released on the 30th of March, with this version aiming to correct a confirmed security issue that Mozilla classified as critical last week. We were therefore surprised to see that this maintenance version has already been made available as a final version. This move has been undertaken by the Mozilla security team, underlining the importance of the update.
Firefox 3.6.2 corrects the vulnerability discovered a month ago by Russian security researcher Evgeny Legerov. According to Mozilla’s security release, the WOFF decoder contains an overflow when extracting a range of fonts. An attacker can exploit this vulnerability to crash a user’s browser through the use of arbitrary code.
Support for the Web Open Font Format is new in Firefox 3.6. Older versions are therefore not affected by this vulnerability. The WOFF format is compressed, which allows for faster font downloads, and it can also handle tags and metadata.
After seeing IE6 used as an attack vector during the Chinese attacks against Google, the Bürger-CERT (German CERT) recommended using an alternative browser to Firefox while this WOFF vulnerability is being corrected. We can therefore imagine that Firefox took this into consideration.
Firefox 3.6.2 also corrects stability problems. This maintenance version can be downloaded from this page in the language and operating system of your choice. The update can also be performed through the browser’s help menu.