Firefox Update (3.6.12) Fixes Zero Day Vulnerability


Yesterday, we reported on a critical zero day vulnerability in both Firefox 3.5, and Firefox 3.6., which could have allowed remote code execution in the Browser.

Mozilla jumped on this issue immediately, and has provided a fix by releasing Firefox version 3.6.12. Firefox 3.5 users, can ensure protection is in place against this vulnerability by updating to version 3.5.15.

If you haven’t updated your version of Firefox yet, then go to Help – Check for updates. Not all users allow automatic updates and installation – I’m one, as the following graphic illustrates. However, I do allow the update to download.


For an overview of Browser security add-ons you should consider installing, read – An IT Professional’s Must Have Firefox and Chrome Add-ons, here on this site.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.


Filed under Application Vulnerabilities, Browsers, cybercrime, Don't Get Hacked, downloads, Firefox, Freeware, Malware Advisories, Online Safety, Software, Windows Tips and Tools

8 responses to “Firefox Update (3.6.12) Fixes Zero Day Vulnerability

  1. Ahmed Helmy

    Yup Firefox Rocks! they are doing great job keeping those hackers away 🙂

  2. Mal

    Hey Bill,

    I’m the same, I don’t allow automatic downloads and installation. As soon as this popped up yesterday on Firefox, I let it download. Good to see they jumped straight on it.


    • Hey Mal,

      Sounds like we’ve both gone through the “bad update” blues, at one time or another. Just one of these is enough to raise the caution flag.

      I have to admit, I was more than a little surprised to see the fix come out so soon – that’s some good work by Mozilla.



  3. Mozilla surely is fast right? Their team really made an effort to fix this and ensures their end-user customers not to suffer that long. AV companies already have a fix for this as well like Sophos and Symantec which I also have documented.

  4. John Bent

    Hi Bill

    I’m a bit late coming in on this one. Having updated to FF 3.6.12 I find that ZoneAlarm ForceField no longer functions properly, indeed I frequently get the old “There was a problem sending the message to the program” if I try to fire up FF with ZAFF already running. This is a great shame as I’ve found ZAFF to be great, not only for browsing privacy, but for checking the safety of downloads, heuristically if necessary.

    I checked the Mozilla forums and found someone else had this problem previously. The response seemed to be “what do you expect if you install 3rd party add-ons”.

    I wonder if you’ve found a similar compatibility problem between the two.

    Kind regards


    • Hi John,

      Well, I’m a bit late in getting back to you. 🙂

      I use ZoneAlarm, but I don’t use ZAFF – although I hear it’s pretty good.

      I’ve checked around and I couldn’t come up with anything on this, but I’ll keep my ears to the ground.