Users of the Mozilla Firefox browser are being asked to update their software as soon as possible, as the open-source project seeks to get an update of version 3.6 on user’s machines before its originally scheduled release date of March 30. The rush to update Firefox was prompted by security analyst Evgeny Legerov of Intevydis, who informed Mozilla of the Firefox security vulnerability that would allow for remote code execution on a user’s machine.
According to the security bulletin released by Mozilla, the researcher “reported that the WOFF decoder contains an integer overflow in a font decompression routine. This flaw could result in too small a memory buffer being allocated to store a downloadable font.” Mozilla warned that “an attacker could use this vulnerability to crash a victim's browser and execute arbitrary code on his/her system.”
The Firefox vulnerability prompted BürgerCERT – the German government’s infosec department – to issue a warning to users, asking them to refrain from surfing the web with Firefox until the security holes were patched. Mozilla said it is aware of the German government’s recommendation, noting that Firefox users with version 3.6 can update to 3.6.2 immediately at the Mozilla website.