Critical Firefox security hole fixed – have you updated?

Firefox updated
Mozilla has responded to concern about a critical security vulnerability in Firefox 3.6, by releasing version 3.6.2 of its popular browser ahead of schedule.

Firefox 3.6.2 fixes a vulnerability first discovered by security researcher Evgeny Legerov last month, which could allow hackers to launch malicious code on users’ computers.

As I blogged yesterday, concern about the bug was so high that the likes of the German government had advised internet users to switch to an alternative browser until a fix from Mozilla was available (at the time that fix was not scheduled until March 30th).

However, concern about the severity of the security flaw encouraged Mozilla to accelerate its timetable for release and speed up the schedule.

Sign up to our free newsletter.
Security news, advice, and tips.

If you are a Firefox 3.6 user, go to the Help menu and choose “Check for Updates” to update your installation of Firefox to the latest version. You can also visit www.getfirefox.com if you wish to download the full version.

I would also strongly recommend that all Firefox users consider using NoScript, the Firefox addon that provides a higher level of protection by allowing you to choose which websites are allowed to run active content (such as JavaScript).


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.