Firefox 3.6.2 fixes critical security issue

Mozilla released Firefox 3.6.2 that fixes a critical security issue as well as stability issues.

WOFF heap corruption due to integer overflow

Security researcher Evgeny Legerov of Intevydis reported that the WOFF decoder contains an integer overflow in a font decompression routine. This flaw could result in too small a memory buffer being allocated to store a downloadable font. An attacker could use this vulnerability to crash a victim’s browser and execute arbitrary code on his/her system.