Mozilla yesterday confirmed the presence of a critical flaw in the latest version of Firefox, promising that it would release the fix by the end of the month.
The flaw was uncovered by Russian security researcher Evgeny Legerov a month ago in a message posted on a forum hosted by Immunity, the Miami Beach, Fla., developer best known for its Canvas penetration testing framework.
The Reg also reported last month that the flaw provides a means to inject hostile code on vulnerable systems.
Mozilla said the flaw will be patched in version 3.6.2, currently slated to ship on March 30. Until that patch is released, users can upgrade to the beta of Firefox 3.6.2, which includes the fix, by downloading the preview.
Mozilla yesterday said Legerov had eventually sent them "sufficient details to reproduce and analyze the issue."
"We will have our entire research team on-site so that we can do our best to ensure that known issues such as this one do not turn up at our contest," said Aaron Portnoy, a research team lead with 3Com TippingPoint, the company sponsoring Pwn2Own.












