Firefox 3.6.2 addresses critical vulnerability

A Web-based font issue could let remote attackers have their way with your computer. Mozilla issues Firefox 3.6.2 to fix the problem.

Mozilla released Firefox 3.6.2 late Monday to fix a critical security hole involving Web-based font technology.

"We strongly recommend that all Firefox users upgrade to this latest release. If you already have Firefox 3.6 you will receive an automated update notification within 24 to 48 hours. This update can also be applied manually by selecting 'Check for Updates...' from the Help menu," Mozilla's director of Firefox, Mike Beltzner, said in a blog post.

With the vulnerability, an attacker could crash a person's browser and, worse, run arbitrary code on the person's machine, Mozilla said. Because it involves a technology called Web Open Font Format (WOFF) introduced in Firefox 3.6, it doesn't affect earlier versions.

Here are further details about the 111 changes in the new version and the not terribly verbose 3.6.2 release notes.

About the author

Stephen Shankland has been a reporter at CNET since 1998 and covers browsers, Web development, digital photography and new technology. In the past he has been CNET's beat reporter for Google, Yahoo, Linux, open-source software, servers and supercomputers. He has a soft spot in his heart for standards groups and I/O interfaces.

 
