Level 85
Staff member
In advance of next week's Pwn2Own competition, Mozilla on Tuesday patched several Firefox vulnerabilities, eight of which were deemed critical.

The fixes are included in the delayed releases of Firefox 3.6.14 and 3.5.17, as well as Thunderbird 3.1.8, which Mozilla quietly released yesterday. At the time, Mozilla did not reveal the vulnerabilities fixed in the releases, but it has now provided some additional detail.

Mozilla issued fixes for 10 bugs in total. Among the critical bugs is one discovered by security researcher Jodi Chancel, who found that a JPEG image could be constructed in a way so that it would decode incorrectly, causing data to be written past the end of a buffer created to store the image.

More details - link