Just ten days after the last Firefox update, the Mozilla Foundation has released another update to their browser. Firefox 3.6.3 patches a bug found in the recent Pwn2Own contest.
A memory corruption flaw leading to code execution was reported by security researcher Nils of MWR InfoSecurity during the 2010 Pwn2Own contest sponsored by TippingPoint’s Zero Day Initiative. By moving DOM nodes between documents Nils found a case where the moved node incorrectly retained its old scope. If garbage collection could be triggered at the right time then Firefox would later use this freed object.
You can download the latest version of Firefox here, or use the program’s built-in updater to get the new version.
