Last Updated: 2010-03-23 05:06:18 UTC
by Scott Fendley (Version: 2)
In the past month, there has been lots of discussions involving an unpatched security vulnerability in Firefox 3.6. Unfortunately, there was very limited information released on the vulnerability and much of the discussions revolved around if the reports were real or just FUD. Mozilla eventually received enough information where they could reproduce the problem and posted an advisory late on 3/18/2010 (yes I know that I missed this being released yesterday, and I blame the NCAA tourney for that).
In any case, Firefox 3.6.2 is scheduled for release on March 30, but the beta build is available from their nightly candidate area. More information is located at Mozilla Security Blog. Please schedule some time to test this version and get this into your update pipeline for user workstations.
UPDATE Mar 23 2010 05:00:00: Well, Firefox 3.6.2 has been released early. The release notes are available at http://www.mozilla.com/en-US/firefox/3.6.2/releasenotes/ . For those that have distinct testing plans for your workstations, you have the opportunity to engage these plans earlier than expected this week. Happy patching and testing everyone.
Scott Fendley ISC Handler