Now that was fast. The Firefox developers have updated the web browser only a day after the discovery of a 0-day vulnerability on the Nobel Prize website targeting Firefox 3.6 Windows installations. The critical vulnerability affected all Firefox 3.6 and 3.5 releases, and allowed the attacker to compromise a system without user interaction or warning messages.
The new versions of the browser are currently distributed to the release servers. It usually takes a couple of hours before the releases are pushed to the users who will receive an update notification once the new version becomes officially available.
The new version numbers are Firefox 3.6.12 and Firefox 3.5.15. We have uploaded the English versions to a file hoster, in case you want to download it right away to protect your computer system. You also find the new versions for all supported operating systems and languages on the release servers.
Users who want to wait for the official release should disable JavaScript in the meantime, as the exploit requires JavaScript enabled.
The release notes are up already, they simply confirm that the critical security vulnerability was fixed in this Firefox update:
Firefox 3.6.12 fixes a critical security issue that could potentially allow remote code execution.
Downloads:
http://www.mediafire.com/file/i5wdlb4ek2mi6i8/Firefox%20Setup%203.5.15.exe
http://www.mediafire.com/file/t4clgc7vkxwdxj2/Firefox%20Setup%203.6.12.exe
We expect an official release announcement in the next hours. The reaction time to resolve the vulnerability was excellent to say the least.
Enjoyed the article?: Then sign-up for our free newsletter or RSS feed to kick off your day with the latest technology news and tips, or share the article with your friends and contacts on Facebook or Twitter.Related Articles:
Mozilla Patches Critical Security Vulnerability In Firefox 3.6WordPress 3.0.4 Released, Fixes Critical Security Vulnerability
Critical Security Vulnerability In Firefox 3.5
Adobe Fixes Critical Shockwave Vulnerability
Adobe Reader 9.3.3 Released, Fixes Critical Security Issues
why do you send everyone to a mediafire link? Why not send them to the official download site.
“Oh gosh, you’re sick! Quick take this pill!”
That is a good point. While I fully trust Martin, there have been plenty examples of clever social engineering involving hacked sites.
I’m giving everyone a choice, nothing more. You are free to use the links or not.
Because the Firefox guys do not want us to link directly to the servers, and the version was not linked on the http site yet.
Hoi Martin, Thanks for the ferry quick links you gave. But i have upgraded main firefox to 3.6.12 with the up til now ferry trusted http://www.majorgeeks.com/Mozilla_Firefox_3_d2248.html
One ferry strange thing happened when i updated main updated had to reboot, the system. Any idea why Martin?
It’s likely that the official link was not available when this was posted. I know I started to see the fact that an update was around, but you could not find it on the Moz site via a link.
Regarding the reboot – Windows pushed down a few updates today; maybe the restart was related to that; check the update history. The 3.6.12 did not require a system reboot.
Firefox – must have browser, need russian lang..