Mozilla's browser defenses were defeated twice at this year's Pwn2Own. But the foundation was released last week's 36.0.3 and today the next update Firefox 36.0.4 which encounters a flaw that has allowed privileges to grow by the browser by using a vulnerability when processing SVG content.
The flaw was discovered by the researcher security Mariusz Mlynski, who won $55.000.
The security advisory issued by Mozilla on Critical Vulnerability CVE-2015-0818 is completing the previous patch of the 36.0.3 version, which appears to be incomplete.
The Mozilla Foundation, however, states that it has managed to repair another vulnerability presented to Pwn2Own 2015 by security researcher ilxu1a.
ilxu1a managed to read what was written in the μνήμη of the browser and execute arbitrary code on the local system, taking control of it.
The security vulnerability that was fixed is referred to as CVE-2015-0817 and has been determined by Firefox 36.0.3, 31.5.2 Firefox ESR and SeaMonkey 2.33.1.
At this time, Mozilla has closed all zero-days presented in the Pwn2Own hacking competition held at Vancouver's ConSecWest last week.
Download the new version in English
Firefox 36.0.4 Windows
Firefox 36.0.4 Mac
Firefox 36.0.4 Linux
