Saturday, March 20, 2010
"Mozilla yesterday confirmed a critical vulnerability in the newest version of Firefox, and said it would plug the hole by the end of the month.
"Although the patch won't be added to Firefox before next week's Pwn2Own browser hacking challenge, researchers won't be allowed to use the flaw, according to the contest's organizer.
"`The vulnerability was determined to be critical and could result in remote code execution by an attacker,` Mozilla acknowledged in a post to its security blog late Thursday. `The vulnerability has been patched by developers and we are currently undergoing quality assurance testing for the fix.`
"Firefox 3.6, which Mozilla launched in January, is affected, Mozilla said, adding that it would be patched in version 3.6.2, currently slated to ship on March 30..."