Alert

Firefox 3.5 and 3.6 Vulnerability

Mozilla has released a blog entry indicating that it is aware of a critical vulnerability affecting Firefox 3.5 and Firefox 3.6. This vulnerability may allow an attacker to execute arbitrary code. The blog entry indicates that active exploitation of this vulnerability has been detected.



Update: The Mozilla Foundation has released Firefox 3.6.12 and 3.5.15 to address this vulnerability. Additionally, this vulnerability has been addressed in Thunderbird 3.1.6 and 3.0.10.



US-CERT encourages users and administrators to apply any necessary updates to help mitigate the risks. Users should consider disabling JavaScript and using the NoScript Add-on as described in the Securing Your Web Browser (PDF) document as best-practice security measures to help protect against future vulnerabilities.