Critical Firefox 3.5 JavaScript exploit surfaces

In just over two weeks, Firefox 3.5 has been downloaded almost 28 million times. And yes, 3.5 boasts greatly improved JavaScript performance.
Unfortunately, the JIT compiler also sports a critical weakness in its current state. A web site containing the correct exploit code (which has been shared by Simon Berry at milw0rm.com) could allow an attacker to execute arbitrary code on vulnerable systems.
For the time being, you can disable the JIT compiler to protect yourself. Open about:config in Firefox, type jit in the search box, and double-click javascript.options.jit.content. Set the value to false. Doing this will reduce JavaScript performance, but will close up the hole until it is officially patched.
It's interesting to note that Mozilla was already aware of the bug and planning on releasing a patch some time in the next two weeks. On the official security blog, one developer states, "This fix was going to be in the 3.5.x update we had scheduled for the end of July, but obviously now we have moved up the schedule for release."
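To confirm the workaround actually took effect on a machine, you can check the profile's preference files instead of clicking through about:config. The following is an added example, not part of the original post: it parses the text of a profile's prefs.js and optional user.js and reports whether javascript.options.jit.content is effectively false. The function names and sample contents are constructed for illustration, and it assumes the pref defaults to true when it is not listed.

```python
import re

PREF = "javascript.options.jit.content"
# One line of prefs.js / user.js looks like: user_pref("name", value);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')


def parse_prefs(text):
    """Return {name: raw_value} for every user_pref() line; later lines win."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if m:  # commented-out lines start with // and never match
            prefs[m.group(1)] = m.group(2)
    return prefs


def jit_mitigated(prefs_js="", user_js="", default="true"):
    """True when the content JIT is off in the effective profile settings.

    user.js is applied on top of prefs.js at startup, so it takes precedence.
    `default` is the value assumed when the pref is not listed at all
    (assumption: the content JIT is on by default in 3.5).
    """
    effective = {PREF: default}
    effective.update(parse_prefs(prefs_js))
    effective.update(parse_prefs(user_js))
    return effective[PREF] == "false"


# Constructed sample profile contents (not taken from a real profile)
SAMPLE_UNSET = 'user_pref("browser.startup.homepage", "about:blank");\n'
SAMPLE_OFF = SAMPLE_UNSET + 'user_pref("javascript.options.jit.content", false);\n'
SAMPLE_COMMENTED = '// user_pref("javascript.options.jit.content", false);\n'

if __name__ == "__main__":
    samples = [("unset", SAMPLE_UNSET), ("off", SAMPLE_OFF),
               ("commented out", SAMPLE_COMMENTED)]
    for label, text in samples:
        state = "mitigated" if jit_mitigated(text) else "JIT still enabled"
        print(label, "->", state)
```

Feed it the contents of the real files from each Firefox profile directory; a user.js that sets the pref back to true will undo the about:config change at the next start.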

Comments (6)

Rocketboy, Jul 15th 2009 9:31AM
ZMG! Firefox had a security flaw! And they sat on it before they released it!
Screw that, I'm going back to Lynx.
Brian, Jul 15th 2009 9:50AM
It was bound to happen.....
David Gerard, Jul 15th 2009 10:38AM
@Rocketboy - real men telnet to port 80.
(REAL real men take the microfilter off, pick up the phone and whistle DSL at 500kHz.)
Mike7, Jul 15th 2009 2:48PM
Firefox is vulnerable to something? No way, that's like a Honda being called "the worst new car you can buy today". It'll never...oh wait...
http://www.autoblog.com/2009/05/18/jeremy-clarkson-calls-honda-insight-biblically-terrible/
Quikboy, Jul 16th 2009 9:40AM
I'll bookmark this, to keep in my collection of links to disprove people that claim Firefox is all that and has no flaws, and IE is the worst.
Brian, Jul 17th 2009 5:56PM
They have fixed this issue, among others, in an update which has just been released: Firefox 3.5.1.