Firefox browser developer Mozilla released Firefox 3.6.3 later on Thursday, which fixes a critical technical vulnerability found in the Pwn2Own global hacker competition last week. This indicates that Mozilla is again ahead of Apple and Microsoft in fixing browser security vulnerabilities. In the Pwn2Own hacker competition held last week, the German contestant "Nils" broke Firefox 3.6.2 running on Windows 7 operating systems, with an award of $10 thousand. It takes only 8 days for Firefox 3.6.3, which has been detected by Nils and released by Mozilla to fix the vulnerability. At the Pwn2Own conference last year, Nils also broke Firefox in the Mac OS X operating system environment. At that time, Mozilla released the corresponding upgrade only for 10 days.
Mozilla said that the Severity Level of the Security Vulnerability Detected by Nils last week was "critical", but the vulnerability only affected Firefox 3.6, while older firefox 3.0 and 3.5 versions were not affected.
In the Pwn2Own hacker competition held last week, other contestants also broke Apple Safari and Microsoft IE8 browsers. Apple and Microsoft have not announced when to release the patch for the Safari and IE8 vulnerabilities found in the competition.
Microsoft said earlier that it had received a notification from the Pwn2Own competition organizer TippingPoint about the IE8 vulnerability. However, Microsoft said earlier this week that it is still investigating the technical details of the vulnerability, so it will not release the patch.
By convention, TippingPoint will report the vulnerabilities discovered by contestants to the corresponding vendor. The conference organizer and contestants are not allowed to disclose the details of the vulnerabilities before each vendor releases the corresponding vulnerability patches.
- Google Chrome wins Pwn2Own global hacker Competition
- Firefox supports service expansion of Google Chrome
- Five essential extension tools for Google Chrome