Mozilla Confirms Critical Firefox Vulnerability

Mozilla has confirmed a reported Firefox vulnerability, after initially dismissing a security advisory from Secunia. A patch for the vulnerability has been included in Firefox 3.6.2, which is scheduled to land on March 30. A beta version is available for download, though we doubt whether it will fix it or not. Earlier, a security researcher named Evgeny Legerov reported knowing of exploit code for a previously unknown remote code execution bug in Firefox 3.6. The exploit was included in VulnDisco, an add-on for a professional exploitation framework called Immunity CANVAS.

Mr. Legerov, who is the founder of Moscow-based vulnerability research firm InteVyDis, has clearly expressed his disagreement with what is known as the “responsible disclosure policy” in the security industry. According to him, the practice of notifying vendors in advance of going public with information about new vulnerabilities is the equivalent of quality assurance work for free.

Firefox 3.6.2, which addresses this vulnerability, is scheduled for release on March 30, but a beta version can be downloaded from here.
