Firefox 3.6.12 fixes a critical security issue that could potentially allow remote code execution.
Heap buffer overflow mixing document.write and DOM insertion
Morten Kråkvik of Telenor SOC reported an exploit targeting particular versions of Firefox 3.6 on Windows XP that Telenor found while investigating an intrusion attempt on a customer network. The underlying vulnerability, however, was present on both the Firefox 3.5 and Firefox 3.6 development branches and affected all supported platforms.
Firefox 3.6.12 fixes critical security bug
Posted on Thursday, October 28 2010 @ 14:14 CEST by Thomas De Maesschalck