Mozilla rushes Firefox 3.6.2 update to address zero-day vulnerability

Mozilla has released the first update for Firefox 3.6 (despite the .2 version number), which includes more than 100 fixes for stability and security bugs.

Most notable in this release is a patch for a critical security vulnerability disclosed last week that could lead to remote code execution due to incorrect handling of a variable in the WOFF (Web Open Font Format) decompression routine. WOFF support is a new feature introduced in Firefox 3.6, so previous versions of Firefox are unaffected.

The vulnerability prompted the German government to recommend that users stop using Firefox, following a similar recommendation last January related to a security flaw in Internet Explorer.

Mozilla had initially scheduled the update for March 30th, a disappointing decision considering Mozilla’s commitment to security and its history. But they have made the right decision, put in the necessary effort, and released the security bug fix a week ahead of schedule.

To get the update, select Check For Updates… in Firefox’s Help menu, and follow the onscreen instructions. A stronger shield in less than one minute!