Mozilla has moved quickly to issue a patch for a zero-day vulnerability that had been observed exploiting certain versions of its popular Firefox browser. Mozilla patched the flaw in the 3.5 and 3.6 versions of Firefox about 48 hours after it had been publicly reported, though it had already been observed in the wild, including an exploit on the Nobel Peace Prize website.
Mozilla said that it appears as though the beta testers using running Firefox 4 will be unaffected by the flaw, but that release won’t be generally available until next year. eSecurity Planet takes a look at Mozilla’s patch for what’s been dubbed the Nobel security flaw.
Barely 48 hours after a zero day flaw in Firefox was publicly reported, Mozilla has issued a patch protecting its users with the new Firefox 3.6.12 and 3.5.15 releases. The new release comes just over a week after Mozilla released Firefox 3.6.11 fixing at least nine security issues.
Mozilla was alerted on October 25th about the zero day flaw in its Firefox 3.6 and 3.5 browsers, which could have enabled drive-by downloads of malware. Security research Morten Kråkvik first reported the vulnerability to Mozilla after discovering the issue while performing an investigation of an intrusion attempt.