Critical security hole found in Firefox 3.5

Alejandro Piccolini

July 21st, 2009  |  Published on: News


Days after the launch of Firefox 3.5, several security issues have been found in it. To make things worse, slip-ups like these are becoming common among web browsers, and hackers will obviously make the most of them.

The first issue found in Firefox 3.5 was a highly critical JavaScript vulnerability caused by TraceMonkey, the new JavaScript engine; anyone who has it enabled is affected. It is a critical vulnerability that can be used to execute malicious code. An attacker can exploit it by tricking a victim into viewing a malicious web page containing the exploit code.

Even though this issue was fixed in Firefox 3.5.1, another vulnerability was found days later. Various analysts and sites have recently confirmed a vulnerability in Firefox 3.5.1 for which a proof-of-concept exploit has been released. When exploited, the vulnerability can lead to system compromise or cause a denial of service (DoS).

As a workaround, Mozilla advises users to disable the just-in-time (JIT) JavaScript compiler. To do so, users must first enter “about:config” into the browser's location bar and then set the value of the “javascript.options.jit.content” setting to “false”. Before making changes to the “about:config” settings, users will first see a warning message stating that “This might void your warranty” and that changes to the advanced settings can be harmful to the stability, security and performance of Firefox.

Mozilla notes that disabling the JIT compiler is only a temporary security measure and that it will result in decreased JavaScript performance. Once the update is released, users should change the value back to “true”. Alternatively, users running Firefox 3.5 on Windows can run Firefox in Safe Mode, which automatically disables JIT.
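To confirm that the workaround is actually in effect for a profile, the preference can be read back from the profile's prefs.js and user.js files. The sketch below is an added example, not code from Mozilla or from this article; the function names and sample file contents are constructed for illustration, and it assumes that a preference missing from both files is at its default of “true”.

```python
import re

PREF = "javascript.options.jit.content"
# Matches active lines such as: user_pref("name", false);
# Lines commented out with // do not match because of the ^\s* anchor.
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

def parse_prefs(text):
    """Return {name: raw_value} for each user_pref() line; later lines win."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs

def jit_state(prefs_js="", user_js=""):
    """Effective state of the content JIT for one profile.

    user.js is applied over prefs.js at startup, so a stale user.js
    can silently undo a change made through about:config.
    """
    merged = parse_prefs(prefs_js)
    merged.update(parse_prefs(user_js))
    raw = merged.get(PREF)
    if raw is None:
        return "enabled (default)"   # assumption: default is true
    if raw == "false":
        return "disabled"
    if raw == "true":
        return "enabled"
    return "unrecognised value: " + raw

# Constructed sample file contents (not taken from a real profile).
SAMPLE_PREFS_JS = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://example.com/");
user_pref("javascript.options.jit.content", false);
'''
SAMPLE_USER_JS = 'user_pref("javascript.options.jit.content", true);\n'
SAMPLE_COMMENTED = '// user_pref("javascript.options.jit.content", false);\n'

if __name__ == "__main__":
    print("workaround applied:  ", jit_state(SAMPLE_PREFS_JS))
    print("overridden by user.js:", jit_state(SAMPLE_PREFS_JS, SAMPLE_USER_JS))
    print("commented-out line:   ", jit_state(SAMPLE_COMMENTED))
```

The same check is useful after the fixed release is installed, to find profiles where the preference was never set back to “true”.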

Mozilla claims that the patch was already in the works when Firefox 3.5 was released, which has made users uncomfortable, and some are starting to grow resentful towards the Mozilla Foundation.

Even though the security patches were released on the double, we hope that Mozilla checks its products better before releasing them to the public, since there are lots of Firefox users around who use the popular app as their default browser. Otherwise, a lot of Firefox users will quickly turn to other browsers without giving it a second thought.
