Firefox patched a week early

Mozilla has fixed a vulnerability in Firefox so serious that the German government yesterday advised users to stop using the browser until a patch was forthcoming.

Firefox 3.6.2, which fixes this critical bug and makes a few other security and stability tweaks, was not expected for another week.

The vulnerability, described by some as “highly critical”, was found a month ago in the browser's implementation of Web Open Fonts Format, a feature new to version 3.6.

Successfully exploited, it would have allowed remote attackers to run the malicious code of their choice of their victims' machines.

Yesterday, Germany's BürgerCERT advised users to avoid Firefox until the bug was fixed, which was expected in eight days. Users needn't bother now, it seems.