On 03.04.2010, By Editor

Mozilla isn’t wasting any time in its efforts to protect users against new security risks.

Last week, Mozilla’s open source Firefox Web browser was publicly exploited in the Pwn2own hacking competition at the CanSecWest security conference. Late on Thursday, Mozilla moved to fix the Pwn2own flaw with the Firefox 3.6.3 update.

The problem — a memory corruption flaw that Mozilla titled “Re-use of freed object due to scope confusion” — could lead to arbitrary code execution.

By moving DOM nodes between documents, a case was found where the moved node incorrectly retained its old scope. If garbage collection could be triggered at the right time, then Firefox would later use this freed object.

According to Mozilla, the flaw reported only affects Firefox 3.6, though Mozilla plans on patching the Firefox 3.5 browser as well just in case there is another potential way of triggering the same flaw.

Firefox 3.6.2 itself had been rushed out just ahead of the Pwn2own event, where security researchers probe fully patched browsers for vulnerabilities. As it turned out, the 3.6.2 update hadn’t been enough to stop Nils from finding an exploit.

With the 2009 Pwn2own flaw, Mozilla issued an updated version of Firefox within a week.

Firefox wasn’t the only browser hit by a zero-day flaw at this year’s Pwn2own. Microsoft’s Internet Explorer and Apple’s Safari were also exploited by security researchers. Neither of those vendors has yet patched its browser for its Pwn2own flaw. That doesn’t mean users need to worry too much: as part of the contest rules for Pwn2own, participating security researchers must keep the specific details of their exploit private while providing details to the browser vendors so that they can fix the issues.

On 29.03.2010, By Editor

Microsoft’s pledge to allow easier access to rival browsers in Windows by the middle of May ended a long antitrust dispute with the European Union. The company has started to send a choice screen, where consumers can easily click on rival browsers, to almost 200 million old and new computers.

Internet Explorer’s share of all Web surfing dropped in March from February by 2.5 percentage points in France, by 1 percentage point in Britain and by 1.3 points in Italy.

Norway’s Opera Software, the fourth largest browser firm, has seen downloads more than double in Europe from normal levels due to the choice screen, with downloads in Italy, Spain and Poland more than tripling.

The No. 2 browser firm, Mozilla, also says it has seen strong growth. As the Ballot Choice screen rolls out across all countries, Mozilla is expecting an increase.

Smaller Web browsers have urged the European Union to push Microsoft to provide them more visibility in its browser choice website.

At first sight, Microsoft’s browser Choice Screen shows its own Internet Explorer, Firefox, Opera, Apple Inc’s Safari and Google Inc’s Chrome. It is not immediately obvious that the remaining choices are available by scrolling to the right of the Web page.

Microsoft has said the screen complies with the EU’s decision. The five largest browsers show directly on the Choice Screen, but smaller vendors say there is nothing to show consumers that more options are available.

On 11.03.2010, By Editor

On Wednesday, at a new site dedicated to the license overhaul, the Foundation announced that it’s now gathering update suggestions from world+dog and that it hopes to release a completed document by October or November.

The Mozilla Public License was originally developed at Netscape by current Mozilla head Mitchell Baker, and the Foundation has used version 1.1 with apps like Firefox and Thunderbird for more than a decade. Version 1.1 has also been used with various other projects, including Sun’s OpenSolaris and Adobe’s Flex.

The organization does not intend to make major changes to the license. It will remain “free and open,” and it will retain its copyleft requirements. Mozilla has already been in touch with the Free Software Foundation and the Open Source Initiative in an effort to ensure that any updates match up with their policies and principles. Both have approved the current MPL.

Code licensed under the current MPL can be copied and modified as long as it’s then redistributed under the MPL, and you can mix MPL code with proprietary code to form a single executable. But the MPL is not compatible with the GNU GPL license. MPL code and GPL code cannot be combined in the same binary – unless the MPL code is also licensed under the GPL.

The Foundation will investigate whether it can make the MPL compatible with the Apache license, hoping to help projects using the MPL become more flexible about using Apache-licensed code. Unlike the MPL, the Apache license has no copyleft requirements. The code can be modified and reused without giving back to the community.