A critical security flaw in Firefox was disclosed yesterday, and patched today. Now that’s what I call quick service.
The flaw in Firefox was a buffer overflow flaw which allowed remote code execution, if exploited, meaning that people could access your system remotely, and run programs and do other nasty things on your computer, all from afar, and without your knowledge.
The flaw was discovered by independent security researcher Tom Ferris, who reported the flaw to Mozilla. However, according to a CNet report, Ferris “decided to publicly disclose the flaw after a run-in with Mozilla staff.”
“We’d like to make sure that by the time something goes public, we have a solution for the users,” said Mike Schroepfer, a director of engineering at Mozilla, yesterday, explaining that “We believe there is a buffer overflow issue. We are still determining whether it is exploitable by attack.”
Today they released a patch for the flaw, along with the following explanation:
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
“On September 6 a security vulnerability affecting all versions of Mozilla Firefox and the Mozilla Suite was reported to Mozilla by Tom Ferris and on September 8th was publicly disclosed.
On September 9, the Mozilla team released a configuration change which, as a temporary measure to work around this problem, disables IDN in the browser. IDN functionality will be restored in a future product update. The fix is either a manual configuration change or a small download which will make this configuration change for the user. ”
So there you have it. You can get the manual fix, or the patch, for the [Page no longer available – we have linked to the archive.org version instead].
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.