Categories: US-Cert-Repository

Firefox 3.5 and 3.6 Vulnerability

Original release date: October 27, 2010 | Last revised: October 23, 2012

Mozilla has released a blog entry indicating that it is aware of a critical vulnerability affecting Firefox 3.5 and Firefox 3.6. This vulnerability may allow an attacker to execute arbitrary code. The blog entry indicates that active exploitation of this vulnerability has been detected.

Update: The Mozilla Foundation has released Firefox 3.6.12 and 3.5.15 to address this vulnerability. Additionally, this vulnerability has been addressed in Thunderbird 3.1.6 and 3.0.10.

US-CERT encourages users and administrators to apply any necessary updates to help mitigate the risks. Users should consider disabling JavaScript and using the NoScript Add-on as described in the Securing Your Web Browser (PDF) document as best-practice security measures to help protect against future vulnerabilities.

This product is provided subject to this Notification and this Privacy & Use policy.

admin

Share
Published by
admin

Recent Posts

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on…

4 days ago

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on…

1 week ago

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on…

1 week ago

CISA Urges Hardening Fortinet Devices After Reports of Credential Exposure

CISA is aware of global reports that malicious cyber actors have targeted internet-accessible Fortinet devices…

2 weeks ago

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on…

2 weeks ago

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on…

2 weeks ago

This website uses cookies.