Mozilla's browser defenses were defeated twice at this year's Pwn2Own. But the foundation was released last week's 36.0.3 and today the next update Firefox 36.0.4 which addresses a flaw that allowed elevation of privilege from the browser using a vulnerability that exists when editing SVG content.
The flaw was discovered by security investigator Mariusz Mlynski, who won 55.000 dollars.
The security advisory issued by Mozilla on Critical Vulnerability CVE-2015-0818 is completing the previous patch of the 36.0.3 version, which appears to be incomplete.
The Mozilla Foundation, however, states that it has managed to repair another vulnerability presented to Pwn2Own 2015 by security researcher ilxu1a.
Ilxu1a has been able to read what is written in the browser's memory and to execute arbitrary code on the local system by taking control of it.
The security vulnerability that was fixed is referred to as CVE-2015-0817 and has been determined by Firefox 36.0.3, 31.5.2 Firefox ESR and SeaMonkey 2.33.1.
At this time, Mozilla has closed all zero-days presented on Pwn2Own hacking competition που πραγματοποιήθηκε στο ConSecWest του Vancouver last weekteam.
Download the new version in English
Firefox 36.0.4 Windows
Firefox 36.0.4 Mac
Firefox 36.0.4 Linux
