Oct 28, 2010 06:40 GMT

Firefox 3.6.12 and Firefox 3.5.15 are now available for download to customers around the world, although the two releases were initially planned for availability in December 2010. The fresh versions of Mozilla’s open source browser are part of the update process, but their delivery does not follow the browser vendor’s normal schedule.

In fact, Firefox 3.6.12 and Firefox 3.5.15 are the equivalent of Microsoft’s out-of-band security updates.

While under normal conditions each new Firefox 3.6.x and Firefox 3.5.x release is a security and stability update, the latest refreshes are designed only to patch a vulnerability which older versions of the browser share.

“Firefox 3.6.12 and Firefox 3.5.15 are now available as free downloads for Windows, Mac, and Linux. We strongly recommend that all Firefox users upgrade to these latest releases to stay secure,” revealed Mozilla’s Christian Legnitto.

“If you already have Firefox, you will receive an automated update notification within 24 to 48 hours. These updates can also be applied manually by selecting “Check for Updates…” from the Help menu, or by downloading [the manually].”

Users are advised to deploy Firefox 3.6.12 or Firefox 3.5.15 as soon as possible, updating from Firefox 3.6.11 or Firefox 3.5.14, respectively.

In doing so, they will patch a Critical security vulnerability that the open source browser vendor resolved after the release of Firefox 3.6.11 and Firefox 3.5.14.

“These releases fix a critical security issue that could potentially allow remote code execution. We have received reports from several security research firms that exploit code leveraging this vulnerability has been detected in the wild,” Legnitto added.

“Thanks to Mozilla’s industry-leading open security process the fix has been created, tested, and released to users within 48 hours of first notification about the vulnerability.”

The security flaw in question is a heap buffer overflow vulnerability that involves mixing document.write and DOM insertion.

According to Mozilla, it affects both Firefox 3.6.12 and Firefox 3.5.15, with Windows XP users being most exposed to exploits. Attacks targeting this vulnerability have already been detected in the wild.

Firefox 3.6.12 and Firefox 3.5.15 for Windows are available for download here.

Firefox 4 Beta 6 for Windows is available for download here.

Firefox 4 Beta 6 for Linux is available for download here.

Firefox 4 Beta 6 for Mac is available for download here.