The Mozilla Foundation has released Firefox 3.6.2 to address multiple security issues, including a critical vulnerability that may allow a remote attacker to execute arbitrary code.
US-CERT encourages users and administrators to do the following to help mitigate the risks:
Additional information regarding this vulnerability, including a workaround for users who cannot upgrade, can be found in the Vulnerability Notes Database.
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-3502 TrueConf Client…