Mozilla's browser defenses were defeated twice this year Pwn2Own. But the foundation was released last week's 36.0.3 and today the next update Firefox 36.0.4 which addresses a flaw that allowed privilege escalation from the program browsing using a vulnerability that exists during processing SVG content.
The flaw was discovered by security investigator Mariusz Mlynski, who won 55.000 dollars.
The security advisory issued by Mozilla on Critical Vulnerability CVE-2015-0818 is completing the previous patch of the 36.0.3 version, which appears to be incomplete.
The Mozilla Foundation, however, reports that it has managed to patch another vulnerability presented at Pwn2Own 2015 by the researcher better safety ilxu1a.
Ilxu1a has been able to read what is written in the browser's memory and to execute arbitrary code on the local system by taking control of it.
The security vulnerability that was fixed is referred to as CVE-2015-0817 and has been determined by Firefox 36.0.3, 31.5.2 Firefox ESR and SeaMonkey 2.33.1.
At this time, Mozilla has closed all zero-days presented on Pwn2Own hacking competition held at Vancouver's ConSecWest last week.
Download the new version in English
Firefox 36.0.4 Windows
Firefox 36.0.4 Mac
Firefox 36.0.4 Linux
